Pests of all kinds and how to combat them: PUP.RewardsArcade in registry keys
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
15.03.2013, 09:55 | #1 |
PUP.RewardsArcade in registry keys

Hello forum helpers,

I ran a malware scan with the program "Malwarebytes Anti-Malware" more or less by chance. So far I have had no problems, abnormalities or symptoms with my PC. The only thing worth mentioning here is a PC start-up time of ~4 min, including the Windows start. The malware scan reported 7 infected registry keys and 2 infected files. Avira Free Antivir found no threats in a full system scan, including the rootkit and boot sector search.

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.09.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
RK :: ROBERT-PC [Administrator]

09.03.2013 18:57:55
mbam-log-2013-03-09 (18-57-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 455534
Laufzeit: 3 Stunde(n), 25 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Keine Aktion durchgeführt.
HKCR\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Keine Aktion durchgeführt.
HKCR\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
D:\Downloads\installer_driver_philips_pcvc720k_40_webcam_98_Deutsch_Deutsch.exe (PUP.SmsPay.pns) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Downloads\MKVPlayerSetup.exe (PUP.Adware.RKN) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Because of these reports I put the infected files into quarantine and also deleted them completely. I put the infected registry keys into quarantine during the next scan.

In the course of creating this topic and asking for your help, I have hopefully carried out the steps mentioned in "Für alle Hilfesuchenden!" ("For everyone seeking help!") correctly and completely. I am aware of the forum rules.

defogger_disable.txt:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:18 on 14/03/2013 (RK)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
| ---- | M] () -- C:\Users\RK\Desktop\Für alle Hilfesuchenden Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.pdf [2013.03.12 23:15:28 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2013.03.05 18:40:52 | 000,572,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.27 15:55:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2013.02.14 14:43:19 | 000,007,168 | ---- | M] () -- C:\Users\RK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.13 10:49:07 | 000,000,020 | ---- | M] () -- C:\Windows\èù¥ [1 C:\Users\RK\*.tmp files -> C:\Users\RK\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.14 17:18:24 | 000,000,000 | ---- | C] () -- C:\Users\RK\defogger_reenable [2013.03.14 17:01:28 | 000,482,463 | ---- | C] () -- C:\Users\RK\Desktop\FLT_9EMUQP2481_0.pdf [2013.03.14 14:30:04 | 001,149,657 | ---- | C] () -- C:\Users\RK\Desktop\Elektroauto – Wikipedia.pdf [2013.03.14 09:30:54 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.03.14 09:02:56 | 000,377,856 | ---- | C] () -- C:\Users\RK\Desktop\gmer_2.1.19155.exe [2013.03.14 09:01:12 | 000,050,477 | ---- | C] () -- C:\Users\RK\Desktop\Defogger.exe [2013.03.14 00:38:35 | 000,684,626 | ---- | C] () -- C:\Users\RK\Desktop\Für alle Hilfesuchenden Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.pdf [2013.02.13 10:56:03 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2013.02.13 10:55:41 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2013.02.13 10:49:06 | 000,000,020 | ---- | C] () -- C:\Windows\èù¥ [2012.12.03 18:13:33 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini [2012.08.24 15:49:07 | 000,000,351 | ---- | C] () -- C:\Users\RK\Spiele - Verknüpfung.lnk [2012.08.19 23:35:19 | 000,007,168 | ---- | C] () -- 
C:\Users\RK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.03 17:11:54 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.05.01 09:04:19 | 000,004,096 | -H-- | C] () -- C:\Users\RK\AppData\Local\keyfile3.drm [2012.04.22 21:06:23 | 000,017,408 | ---- | C] () -- C:\Users\RK\AppData\Local\WebpageIcons.db [2012.04.16 17:33:31 | 000,000,173 | ---- | C] () -- C:\Users\RK\AppData\Local\msmathematics.qat.RK [2012.04.05 15:49:54 | 000,180,008 | ---- | C] () -- C:\Windows\SETUP1.EXE [2012.03.02 17:20:08 | 000,007,600 | ---- | C] () -- C:\Users\RK\AppData\Local\Resmon.ResmonCfg [2012.01.08 22:13:51 | 000,245,528 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.01.08 22:13:51 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2011.12.29 11:18:44 | 000,125,426 | ---- | C] () -- C:\Windows\cgmxp32.ini [2011.12.28 16:20:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.12.28 16:14:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.12.28 16:14:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.12.26 18:55:58 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2011.08.19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2011.08.19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2011.08.19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2011.07.26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.01.26 23:49:11 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\DVDVideoSoft [2013.01.15 23:03:49 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\FileZilla [2012.01.09 11:32:33 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Leadertech [2012.08.19 23:38:09 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Nokia [2012.08.19 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Nokia Suite [2012.09.18 11:37:42 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Opera [2012.02.28 10:10:10 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\PC Suite [2013.02.13 09:38:39 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Swiss Academic Software [2012.01.11 17:01:46 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Sync App Settings [2013.03.14 00:35:59 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\temp [2012.02.01 08:42:27 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Trillian ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 14.03.2013 17:23:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RK\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,85% Memory free
3,98 Gb Paging File | 3,13 Gb Available in Paging File | 78,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65,00 Gb Total Space | 1,97 Gb Free Space | 3,03% Space Free | Partition Type: NTFS
Drive D: | 46,69 Gb Total Space | 2,79 Gb Free Space | 5,97% Space Free | Partition Type: NTFS
Computer Name: ROBERT-PC | User Name: RK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile
[open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 "DefaultOutboundAction" = 1 "DefaultInboundAction" = 1 "DoNotAllowExceptions" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0079B8EF-A4E2-4862-96F4-F29C00490744}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\set.exe | "{0273A601-5074-4EA1-A0EB-CB93792189AB}" = dir=out | app=%programfiles%\windows live\photo 
gallery\wlxvideocameraautoplaymanager.exe | "{034EADA1-C349-48C3-ABD3-7140A2591315}" = dir=out | app=%programfiles%\google\update\download\{430fd4d0-b729-4f61-aa34-91526481799d}\1.3.21.115\googleupdatesetup.exe | "{037B8C48-3A7A-4C0A-AE0A-3E699D7711FD}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\videomanager.exe | "{043A57E5-78E6-4BF2-8085-2F06265D1790}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\conversionhandler.exe | "{04CA5362-B4F9-44C6-9B65-FD62DD091BB1}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsync2.exe | "{04CD64A7-28FA-48FB-B71D-90DFBA406298}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\shortcuteditor_inst.exe | "{0546E6A3-D209-407C-A1C6-C5C4ED862E18}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\itype.exe | "{05D2FCD1-8442-4FBF-A855-E733040B5633}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\getconnected.exe | "{073181B5-E6C9-4847-8803-10506DAD49D3}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mousinfo.exe | "{0A1E443B-D8FA-4BDF-A018-AB86C878BD0E}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\touchmousepractice.exe | "{0AFA7149-7067-409B-A04A-9A10419BF2EE}" = dir=out | app=%programfiles%\sigmatel\c-major audio\setup.exe | "{0C665A56-4AA6-424A-86C5-FF744C8AAC8C}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\connectionmanager.exe | "{0CDE49E1-A8C4-4144-BAB1-799BEF0BFB7A}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsynclv.exe | "{0EE57F5F-37D7-4E2B-9226-6C86BDA8EA5D}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\onetouchaccess.exe | "{0F951987-3A50-4662-BA89-8F8847A8BC16}" = dir=out | app=%programfiles%\common files\hewlett-packard\scanjet\bin\hpsjrreg.exe | "{10189993-0D07-41E0-9B11-FDC4C745D910}" = dir=out | app=%programfiles%\hp\hp software update\hpwucli.exe | "{1097A53B-C01F-459D-BF4D-B2381988DEC9}" = dir=out | app=%programfiles%\common files\nokia\mpapi\mpapi3s.exe | 
"{110B43CC-925E-4A75-99F7-3CE212A1BCD7}" = dir=out | app=%programfiles%\gs\gs9.00\bin\gswin32c.exe | "{1110A76C-09F4-4735-9BD9-71EDF40365A5}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\communicationcentre.exe | "{14599659-A902-43A2-A23D-8AF8060B7FC0}" = dir=out | app=%programfiles%\microsoft games\freecell\freecell.exe | "{15184DF7-4C4D-4416-8A3F-40077CC5DD56}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzrcv01.exe | "{1862159F-C8FF-4B1E-8A22-E92E6713D148}" = dir=out | app=%programfiles%\paint.net\pdnrepair.exe | "{1C733848-A55B-404F-82BD-C22128465777}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\sweb.exe | "{1D2B556E-E6ED-44DE-A4DD-41E31752D590}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\dbupdatechecker.exe | "{1FBE7388-1878-484D-ACF2-78508BB3F9A0}" = dir=out | app=%programfiles%\windows media player\wmpshare.exe | "{2410FF93-CCF2-479F-BF5B-C036744AE0C9}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\ipoint.exe | "{27E946EE-CFA0-45EC-9565-931544EB4466}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxalbumdownloadwizard.exe | "{28B907FB-3D2B-46C3-99D2-649AB4042D17}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\updchecker.exe | "{28E414B8-7477-4B11-ADC9-21381958E2E7}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxquicktimecontrolhost.exe | "{2B383911-75DE-4125-A3C0-8B379898D560}" = dir=out | app=%programfiles%\windows media player\wmpsideshowgadget.exe | "{2C8AB345-5908-446B-AB33-5D54E1C11048}" = dir=out | app=%programfiles%\windows media player\wmpdmc.exe | "{2CC348DD-18A9-49EA-BD62-2AA1E251DEA8}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxtranscode.exe | "{2D2C77D7-8ADD-40A5-9DF0-1DA9C284222B}" = dir=out | app=%programfiles%\ea sports\fifa 09\support\fifa 09_code.exe | "{2DE75529-7D14-4B2E-8FC4-0930D74EE96F}" = dir=out | app=%programfiles%\common 
files\dvdvideosoft\fixcomponentssilent.exe | "{2E31EB50-99E9-46DB-A1F7-AEDFA68BBDCC}" = dir=out | app=%programfiles%\microsoft games\solitaire\solitaire.exe | "{2F53687F-F82F-4B2C-87A9-810DA94DD1DB}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\set.exe | "{32FB258C-19D5-4681-93CE-23499C653910}" = dir=out | app=%programfiles%\allway sync\bin\syncappw.exe | "{33369236-BED9-4683-AC43-9E15D881AA5E}" = dir=out | app=%programfiles%\logitech\ereg\ereg.exe | "{333F2ED6-A086-4203-8E6C-05A1C9EA845E}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotoacquirewizard.exe | "{33586279-F8DF-4554-99B5-D84007358C58}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\connectionmanager.exe | "{394343B5-7993-4AE3-AB4C-07A652163D0F}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxvideoacquirewizard.exe | "{3ADADFC8-3AE0-4DE1-B902-E31AD5734E6E}" = dir=out | app=%programfiles%\windows media player\wmprph.exe | "{3C590437-E664-4DE9-BACD-7D3962D63FA3}" = dir=out | app=%programfiles%\windows live\contacts\wlcomm.exe | "{3D4C55AE-B41E-4578-B6A6-A48F03D246F5}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzpnp01.exe | "{3D9C77C5-5332-4F61-8AF9-95D2E66ECDC4}" = dir=out | app=%programfiles%\gs\gs9.00\bin\gswin32.exe | "{3DDB5EC0-DC3A-4D37-A41F-9064D1C983DE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\applicationinstaller.exe | "{3E9EB27E-4CD0-40B2-9F47-A2CD608F13B2}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotogallery.exe | "{3EFA3DBC-F26B-457C-9195-9D8F32011A5E}" = dir=out | app=%programfiles%\activision\thps2\thps2setup.exe | "{3FC91082-6B2A-4A64-86AE-D637ED9FDCFB}" = dir=out | app=%programfiles%\microsoft mathematics\mathapp.exe | "{414357ED-8F80-4CE2-8687-D13E471B5091}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxcodechost.exe | "{4C2121E2-DE58-4329-BBDB-FE41F19D20FE}" = dir=out | app=%programfiles%\windows live\installer\wlarp.exe | 
"{4CE7E69C-34B2-4F5A-9B72-A4038A03A91F}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\btwizard.exe | "{536928D9-3BB2-4A10-808D-58581864DE3F}" = dir=out | app=%programfiles%\winamp\uninstwa.exe | "{53B8D633-64CE-4F69-803D-E37BD68B7701}" = dir=out | app=%programfiles%\windows media player\wmpenc.exe | "{540EBCEF-956D-4256-A6F1-4374636DC748}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\onetouchaccess.exe | "{55C08F72-E253-4965-96DD-CE471DB3DF20}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\agcp.exe | "{56051BF7-7162-40B3-B87B-4AEEBE06F793}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsync2.exe | "{56680FC8-EF51-421A-B42E-DCD8C094768D}" = dir=out | app=%programfiles%\windows media player\wmlaunch.exe | "{5908627A-93CD-4CCE-975C-09FB5BA38CFC}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\!isrs1.exe | "{5913C5C3-3646-42B6-9F49-27A0BD6AC277}" = dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{59F05DB9-8B87-45AD-9741-B044A81F4594}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C30B6CF-6C43-4956-A6CE-4E8BC0076E7D}" = dir=out | app=%programfiles%\google\update\download\{eeaab3af-8e11-491f-be19-5fb80c829945}\googleupdatesetup.exe | "{5EE0DA65-1EFA-45D4-99F9-5BCCA689CE85}" = dir=out | app=%programfiles%\logitech\lws\webcam software\lws.exe | "{5F619AE8-02B7-46DF-B467-47FB44250A8E}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzmsi01.exe | "{60752969-11C3-4D66-930C-D93F60C89695}" = dir=out | app=%programfiles%\microsoft mathematics\conversiontool.exe | "{6158158D-B770-4587-AE4C-3E72D5BC8613}" = dir=out | app=%programfiles%\windows live\installer\wlstartup.exe | "{644F8532-F9F7-4E91-B243-7C85E25EDB37}" = dir=out | app=%programfiles%\windows live\installer\langselector.exe | "{64925DB3-5082-4415-889F-9714C9A44616}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\directx\dxsetup.exe | 
"{65BE358A-F1E6-4A83-9074-9737997C6640}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\shortcuteditor_uninst.exe | "{66097F35-AC8F-4BB1-B3DF-D398BEBB50C4}" = dir=out | app=%programfiles%\windows live\installer\wlsettings.exe | "{665BA24B-9178-4ECE-81B0-6C996A8AB8C1}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\tvpi.exe | "{684E9CE2-37DC-4452-8E7E-5539A061C227}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\agcp.exe | "{6AB8E713-8E3B-48C4-B5F9-8283C749F807}" = dir=out | app=%programfiles%\google\update\googleupdate.exe | "{6F307793-BEC9-420A-B88E-46F710489567}" = dir=out | app=%programfiles%\difx\270581355a767bf1\dpinst32.exe | "{71CD78B6-AC38-485F-8A29-F52E95D6C1BE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\conversionhandler.exe | "{7205C0E1-DB31-403C-8FD6-19791D7A0D3F}" = dir=out | app=%programfiles%\logitech\lws\webcam software\camerahelpershell.exe | "{7482FEE6-EF09-4BC1-9EB2-449D08887B48}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\coregen.exe | "{76F7A2F2-7A05-4AE3-B658-486ABDB6C878}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\contentcopier.exe | "{774DDA47-C338-4D23-A201-941EC7084CE0}" = dir=out | app=%programfiles%\common files\borland shared\bde\bdeadmin.exe | "{7894F630-FAB1-4BCA-9B5B-6DE3376B6924}" = dir=out | app=%programfiles%\paint.net\updatemonitor.exe | "{7939DCB3-9E02-448A-B3BF-55E9016D9099}" = dir=out | app=%programfiles%\logitech\lws\webcam software\launcher_main.exe | "{7B552D93-3E67-4F09-BC8A-E51FEFFE863B}" = dir=out | app=%programfiles%\microsoft games\mahjong\mahjong.exe | "{7B9D42DB-4ADB-4759-AC1E-C8345135B7EE}" = dir=out | app=%programfiles%\common files\logishrd\wuapp32.exe | "{7C9CA0E4-BF2A-49BF-BDD8-5FD180140529}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsynclv.exe | "{7CAB45A9-B07D-4577-BE47-B27FD48F92A7}" = dir=out | app=%programfiles%\logitech\lws\webcam software\motiondetection.exe | "{7E33C7F2-D8A7-4A93-BEAA-5A25D50095B1}" = 
dir=out | app=%programfiles%\nokia\nokia pc suite 7\videomanager.exe | "{7F88B92B-342E-4B73-97F1-02D010A38F95}" = dir=out | app=%programfiles%\rainlendar2\rainlendar2.exe | "{826BC003-D6A3-4D96-B92C-596A9479D212}" = dir=out | app=%programfiles%\paint.net\setupngen.exe | "{82A1E441-9567-4857-833C-70B5EFA75301}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\silverlight.configuration.exe | "{840467FE-789E-40E4-94E1-51DB3EECD0BC}" = dir=out | app=%programfiles%\ea sports\fifa 09\fifa09.exe | "{842C5A14-6376-46DE-926D-3D15ECA48A87}" = dir=out | app=%programfiles%\hp\digital imaging\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup.exe | "{8583CCCF-939F-4584-979C-B3049987E06C}" = dir=out | app=%programfiles%\common files\dvdvideosoft\fixcomponents.exe | "{861F0389-B226-422A-B3BA-1DCBD1D1B255}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\unopkg.exe | "{88C4E078-8825-40D7-8675-BF9F2E1B8EF9}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\smath.exe | "{89CD7F1A-38F8-48CC-8FF2-B71590B56239}" = dir=out | app=%programfiles%\nokia\connectivity cable driver\setupextcmb.exe | "{8CC2A0F0-F5F8-4B6F-8B35-F20F1BEE0CA9}" = dir=out | app=%programfiles%\ea sports\fifa 09\support\earegister.exe | "{8CFD21C5-CC02-4ADA-A752-29DA758E7DEB}" = dir=out | app=%programfiles%\microsoft games\hearts\hearts.exe | "{8EA5AFC0-17C4-49D8-8473-857871392636}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\imagestore.exe | "{92543C76-1252-4DAC-B7AA-54E47CC31F63}" = dir=out | app=%programfiles%\microsoft games\spidersolitaire\spidersolitaire.exe | "{9486A45A-C8AF-4ACB-9B5A-5B39CD7555FB}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\rebasegui.exe | "{95ED97C4-735D-4969-9ABF-DA4484F56834}" = dir=out | app=%programfiles%\common files\dvdvideosoft\freestudiomanager.exe | "{978C1F79-CC11-4D1E-90EC-47670A6DE634}" = dir=out | app=%programfiles%\ea sports\fifa 
09\support\eadm\eadm-installer.exe | "{9DB418D7-6A03-4A8B-8E11-48D582733978}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\xmas05.exe | "{9E53457C-8AEB-4D28-B9D3-82FAB2A02546}" = dir=out | app=%programfiles%\logitech\lws\video mask maker\videomaskmaker.exe | "{9F8EEFF6-A27F-49B3-B6E0-4255D98CEFEA}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mskey.exe | "{A0705658-781B-40B8-A505-39D0D178A47E}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\setup.exe | "{A30516E7-B2FD-4737-8FF4-F0F968E2CF61}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A33FC3D3-BDB1-4194-A4CE-767CB0CD28B1}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\getconnected.exe | "{A50B5113-B9B5-4FAB-85F5-75F80D7045B0}" = dir=out | app=%programfiles%\microsoft mathematics\triangletool.exe | "{A5F9C162-A7F6-4B52-9DB0-1D67AB074EB2}" = dir=out | app=%programfiles%\audiograbber\lame.exe | "{A75A25C1-2824-4697-94BE-E42E3ABCC6A8}" = dir=out | app=%programfiles%\western digital\wd smartware\wd drive manager\wddmservice.exe | "{A7A1526E-131C-4D35-A486-DE71444674DE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe | "{A8069ED4-B198-4382-BE3F-1DA5D5921C42}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\applicationinstaller.exe | "{A98ECF79-D641-4C26-9F8B-EEFA520F59CA}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\unins000.exe | "{A9DC367D-DFBD-4686-A51E-2935D027C795}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\kte.exe | "{AAADD2EB-785C-4C13-8FA5-6CB1A0CDC692}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\python.exe | "{AB5B109B-9EF3-47B3-A44B-922B5CDCCBA6}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzscr01.exe | "{AE337DB1-7B54-4B7B-8AF6-9D6DBDC5553B}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\edmanager09.exe | "{B18B0D2D-5219-45CA-B64D-73F01E7227CA}" = dir=out | 
app=%programfiles%\windows media player\setup_wm.exe | "{B1D5416B-AEDB-4C9A-9D2B-7EB4061AADD7}" = dir=out | app=%programfiles%\winamp\winamp.exe | "{B2F4443A-BA33-43C5-9697-300C1545A68B}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\isrs1.exe | "{B35D0E49-F205-4AF1-B54F-7547368DFDFD}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\silverlight.configuration.exe | "{B419DD5D-ECF7-4696-85E7-B8A08AE94945}" = dir=out | app=%programfiles%\windows media player\wmpconfig.exe | "{B43EE9AE-8E3D-4883-9D0D-339476B2312F}" = dir=out | app=%programfiles%\microsoft games\minesweeper\minesweeper.exe | "{B621870B-E97F-4B00-AB49-65BA256329A5}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\adrlist.exe | "{B752FEFA-7470-4A6B-876E-4F4E40B05FC3}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\tmmonitor.exe | "{B9637847-0009-40FD-BFA9-3D14B26780CB}" = dir=out | app=%programfiles%\western digital\wd smartware\wd drive manager\wddmstatus.exe | "{BA4D3944-83F7-4563-A842-371EC8811308}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\imagestore.exe | "{BB9C3583-AE3A-447C-9901-88EE6708F236}" = dir=out | app=%programfiles%\motogp\motogp.exe | "{BBA76351-3959-4EBD-BF08-773D92539526}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\unoinfo.exe | "{BDB1136C-D200-4FBA-AA90-908C2289594A}" = dir=out | app=%programfiles%\videolan\vlc\vlc.exe | "{BE8D3ABA-C74B-402A-BDDF-627268FFB7CB}" = dir=out | app=%programfiles%\ml\englisch\englisch.exe | "{C12ED538-6440-4315-99C6-DC6D8F02822B}" = dir=out | app=%programfiles%\microsoft games\purble place\purbleplace.exe | "{C341059B-172B-42CC-BCBB-4608E09251B9}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\totalmedia.exe | "{C57031BE-06BC-4573-8092-B64F450243E1}" = dir=out | app=%programfiles%\windows media player\wmpnscfg.exe | "{C585C3F7-4A21-4179-989D-282E6EB0F2AF}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotogalleryrepair.exe | 
"{C58F63C5-2E98-40A3-88A8-41140C67840E}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\eauninstall.exe | "{C59C3094-246A-4315-984F-6EE216516178}" = dir=out | app=%programfiles%\windows media player\wmpnscfg.exe | "{C85DD59E-BDA1-4D50-97FB-9C84DC254B66}" = dir=out | app=%programfiles%\windows live\photo gallery\moviemaker.exe | "{C9A830FA-D5D4-4309-9533-615784E70F19}" = dir=out | app=%programfiles%\activision\thps2\thawk2.exe | "{CD511695-B3E9-4EC3-83D2-82D8520D8898}" = dir=out | app=%programfiles%\winamp\winamp.exe | "{CE905723-5A37-4F9C-B914-1622EAFF2653}" = dir=out | app=%programfiles%\dvd maker\dvdmaker.exe | "{CEA3EB6D-DA03-47C0-B65C-874A449F6657}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe | "{D4D1FC55-C095-4E31-A9F6-36EDE4BAE514}" = dir=out | app=%programfiles%\microsoft mathematics\mathset.exe | "{D6DF2EF7-6701-4CCF-BAB5-984A78C1CBD2}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\rebaseoo.exe | "{D86185A4-27A2-42C0-949F-AF1584B82F43}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe | "{DF74A2A2-36E3-4212-AB9B-2E969E14FAF7}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzstub.exe | "{E02F8F20-486A-4485-846D-C2BE8C0A3FE8}" = dir=out | app=%programfiles%\nokia\connectivity cable driver\setupextcmb.exe | "{E0FB6FE3-88C4-4181-B595-CEA7AD9684A8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{E2871BA3-E8B1-4152-AD65-86193DAD5F70}" = dir=out | app=%programfiles%\audiograbber\audiograbber.exe | "{E45626BE-6909-43D5-AFE7-3E1198874033}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\manager09.exe | "{E654EFE8-D247-45BD-9F2A-B2B07C579979}" = dir=out | app=%programfiles%\paint.net\paintdotnet.exe | "{E7786615-0B9D-4EF2-80A4-5F764E541F3A}" = dir=out | app=c:\program files\windows media player | "{E7FE04B3-EFC3-4789-99DB-B82FDE5E27C6}" = dir=out | app=%programfiles%\freepdf_xp\freepdf.exe | 
"{E9D3D17A-AC28-4047-9038-55E28B5AE28F}" = dir=out | app=%programfiles%\protectdisc driver installer\uninstall_v10.exe | "{EACEDC3E-A669-49CC-843F-B6A38175DB8F}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\dbstart.exe | "{EB0B22FA-169D-4892-B687-6910C8F6A853}" = dir=out | app=%programfiles%\microsoft games\chess\chess.exe | "{EC2836AB-0BA8-4D49-BEC9-F44CEB2E7BAC}" = dir=out | app=%programfiles%\microsoft silverlight\sllauncher.exe | "{F051501F-952C-43BA-8572-E2050A1DC6F4}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\soffice.exe | "{F0F1D133-763F-4ACB-944D-AA45DE994F9E}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\communicationcentre.exe | "{F33C87A1-017E-4AC1-871E-8616BDABC6E2}" = dir=out | app=%programfiles%\winamp\elevator.exe | "{F348BD7D-88BB-4A8F-9E18-36C751B4290F}" = dir=out | app=%programfiles%\tv ir\tv ir.exe | "{F81631AF-6C58-4862-8296-191EAE156646}" = dir=out | app=%programfiles%\difx\270581355a767bf1\dpinst.exe | "{FB7B74AD-70C9-4B61-B553-A2037D609BFD}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\jpg2pdf.exe | "{FC87C50B-7DBB-4E01-AC4F-51069C090792}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\coregen.exe | "{FD2C9A1A-F4B8-45DC-8D21-6493C4C8B208}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mousekeyboardcenter.exe | "{FD4A40BC-739A-4D50-B462-BD10D2A4067E}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\contentcopier.exe | "{FD73DA9A-3DF9-4E7F-A2CE-A172885B0DEC}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\!kte.exe | "{FE7EEA89-DDCC-44E1-890C-1D38DECAE1F2}" = dir=out | app=%programfiles%\paint.net\wiaproxy32.exe | "{FFFA4A84-1142-47B0-8E30-776E34240446}" = dir=out | app=%programfiles%\hp\hp software update\hpwuschd2.exe | "TCP Query User{36E2BCBB-4AB4-455D-BC6E-E6626F03B7EB}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query 
User{50311390-6BF5-4351-A028-59AD01948D14}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{CC40E7FE-AE68-4529-A2DE-E35E61885611}C:\program files\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | "TCP Query User{FF98523B-F2D5-4351-9BFB-54A2043AEF5E}C:\program files\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | "UDP Query User{0017E05A-4333-4407-8566-4E976F48465A}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{0655DFA6-6095-48F1-8A4F-9BCC0F5D25C9}C:\program files\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | "UDP Query User{41D3BBE5-9B5A-4431-BF74-0DF8DE67B6B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{480DDFD5-2EB1-43F4-BEA8-49487A321A9B}C:\program files\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{0CE5D71A-15AE-477A-BD1F-5347562CB0BC}" = MD86351 driver install "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS 
Twitter "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400 "{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}" = ArcSoft TotalMedia 3.5 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft 
Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. 
B "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B8EC0AD1-E8E3-42C3-9BAB-6A14E96FD136}" = Microsoft-Maus- und Tastatur-Center "{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare "{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C1FD1627-2EAF-48CB-A333-42D39BCB096D}" = TV IR "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7B205927ED4CE1D9763ED45C77FBF03B695208C0" = Windows-Treiberpaket - Ricoh R5U870 (UVC) (02/28/2007 6.1008.207.0) "7-Zip" = 7-Zip 4.65 "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4) 
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Allway Sync_is1" = Allway Sync version 9.4.5 "Avira AntiVir Desktop" = Avira Free Antivirus "ENTERPRISER" = Microsoft Office Enterprise 2007 "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.6 "FreePDF_XP" = FreePDF (Remove only) "FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09 "GPL Ghostscript 9.00" = GPL Ghostscript 9.00 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "InstallShield_{0CE5D71A-15AE-477A-BD1F-5347562CB0BC}" = MD86351 driver install "ISRS1_16_689518" = Interaktive Sprachreise - Sprachkurs 1 Español "KTE_16_689498" = Interaktive Sprachreise - Kommunikationstrainer English "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MatlabR2010b" = MATLAB R2010b "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "MotoGP_is1" = MotoGP "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MultiLingua Vokabeltrainer Englisch" = MultiLingua Vokabeltrainer Englisch "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "PaperCut NG Client_is1" = PaperCut NG Client 10.7 "ProtectDisc Driver 10" = ProtectDisc Helper Driver 10 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Trillian" = Trillian "TVWiz" = Intel(R) TV Wizard "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.2 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials ========== 
HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FileZilla Client" = FileZilla Client 3.6.0.2 "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.03.2013 16:27:57 | Computer Name = Robert-PC | Source = Outlook | ID = 34 Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c. Error - 12.03.2013 16:27:57 | Computer Name = Robert-PC | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error - 12.03.2013 16:46:09 | Computer Name = Robert-PC | Source = Outlook | ID = 34 Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c. Error - 12.03.2013 16:46:09 | Computer Name = Robert-PC | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error - 12.03.2013 21:05:25 | Computer Name = Robert-PC | Source = Outlook | ID = 34 Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c. Error - 12.03.2013 21:05:25 | Computer Name = Robert-PC | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error - 12.03.2013 21:30:34 | Computer Name = Robert-PC | Source = Outlook | ID = 34 Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c. Error - 12.03.2013 21:30:34 | Computer Name = Robert-PC | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error - 13.03.2013 13:15:41 | Computer Name = Robert-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". 
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 13.03.2013 15:30:18 | Computer Name = Robert-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Manager09.exe, Version: 1.0.0.0, Zeitstempel: 0x48e6586a Name des fehlerhaften Moduls: GfxCore.dll, Version: 0.0.0.0, Zeitstempel: 0x48e65406 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00296812 ID des fehlerhaften Prozesses: 0x95c Startzeit der fehlerhaften Anwendung: 0x01ce2021249c1736 Pfad der fehlerhaften Anwendung: C:\Program Files\EA Sports\FUSSBALL MANAGER 09\Manager09.exe Pfad des fehlerhaften Moduls: C:\Program Files\EA Sports\FUSSBALL MANAGER 09\GfxCore.dll Berichtskennung: 6fca68b3-8c14-11e2-9f23-0013a9c0c8e8 [ OSession Events ] Error - 17.02.2012 19:35:08 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 714 seconds with 60 seconds of active time. This session ended with a crash. Error - 17.12.2012 12:41:31 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 237 seconds with 0 seconds of active time. This session ended with a crash. Error - 20.12.2012 20:00:44 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 57352 seconds with 720 seconds of active time. This session ended with a crash. 
Error - 27.12.2012 10:00:30 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4519 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 14.03.2013 12:14:30 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 14.03.2013 12:14:33 | Computer Name = Robert-PC | Source = PNRPSvc | ID = 102 Description = Error - 14.03.2013 12:14:33 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 14.03.2013 12:14:33 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 14.03.2013 12:18:32 | Computer Name = Robert-PC | Source = PNRPSvc | ID = 102 Description = Error - 14.03.2013 12:18:32 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 14.03.2013 12:18:32 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 14.03.2013 12:19:16 | Computer Name = Robert-PC | Source = PNRPSvc | ID = 102 Description = Error - 14.03.2013 12:19:16 | Computer Name = Robert-PC 
| Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 14.03.2013 12:19:16 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 < End of report > Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-14 21:14:22
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 FUJITSU_MHW2120BH rev.00000012 111,79GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\RK\AppData\Local\Temp\kgdiqpow.sys

---- System - GMER 2.1 ----

SSDT 95209306 ZwCreateSection
SSDT 95209310 ZwRequestWaitReplyPort
SSDT 9520930B ZwSetContextThread
SSDT 95209315 ZwSetSecurityObject
SSDT 9520931A ZwSystemDebugControl
SSDT 952092A7 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E4C9E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E861C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82E8D30C 4 Bytes [06, 93, 20, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82E8D668 4 Bytes [10, 93, 20, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82E8D6AC 4 Bytes [0B, 93, 20, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82E8D728 4 Bytes [15, 93, 20, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82E8D77C 4 Bytes [1A, 93, 20, 95]
.text ...
.reloc C:\Windows\system32\drivers\acehlp10.sys section is executable [0x94DBBB80, 0x37FC7, 0xE0000060]
.reloc C:\Windows\system32\drivers\acedrv10.sys section is executable [0x9816F000, 0x459C1, 0xE0000060]

---- EOF - GMER 2.1 ----

How should I proceed? Is a complete cleanup of the system possible? Since I have no further infected files and little time to reinstall the PC, I very much hope that cleaning the system is possible!? I very much hope that you can help me. Many thanks in advance for your efforts.

RK

PS: Unfortunately I did not manage to deactivate the links on individual words.
17.03.2013, 17:18 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.RewardsArcade in registry keys
Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: If I have not been in touch for three days, please post in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.

Please run the three tools MBAR / aswMBR / TDSSkiller now and post the logs in CODE tags

MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper

aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
19.03.2013, 10:15 | #3 |
| PUP.RewardsArcade in registry keys
Hello cosinus,

first of all, many thanks for your quick and specific help. Before I post the logs, I wanted to ask once more what I should do with the infected registry keys that were moved to quarantine in the program "Malwarebytes Anti-Malware". Can I delete them from the quarantine?

I have run the tools.

1) MBAR (Malwarebytes Anti-Rootkit)
On the first run 1 detection was reported and the cleanup process was carried out; the 2nd scan had no detections. Note: The restart had to be done manually; the command window with the deletion process appeared anyway.

Log of the 1st run:
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.18.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
RK :: ROBERT-PC [administrator]

18.03.2013 21:19:14
mbar-log-2013-03-18 (21-19-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28579
Time elapsed: 14 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\CLASSES\RewardsArcade.BHO (PUP.RewardsArcade) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.18.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
RK :: ROBERT-PC [administrator]

18.03.2013 21:40:12
mbar-log-2013-03-18 (21-40-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28569
Time elapsed: 13 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-18 23:06:15
-----------------------------
23:06:15.572 OS Version: Windows 6.1.7601 Service Pack 1
23:06:15.572 Number of processors: 2 586 0xF0D
23:06:15.572 ComputerName: ROBERT-PC UserName: RK
23:06:16.383 Initialize success
23:08:33.603 AVAST engine defs: 13031800
23:09:22.275 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
23:09:22.275 Disk 0 Vendor: FUJITSU_MHW2120BH 00000012 Size: 114473MB BusType: 11
23:09:22.275 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000074
23:09:22.275 Disk 1 Vendor: ( Size: 114473MB BusType: 0
23:09:22.275 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000075
23:09:22.291 Disk 2 Vendor: ( Size: 114473MB BusType: 0
23:09:22.415 Disk 0 MBR read successfully
23:09:22.415 Disk 0 MBR scan
23:09:22.431 Disk 0 Windows 7 default MBR code
23:09:22.431 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:09:22.447 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 66560 MB offset 206848
23:09:22.493 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 47811 MB offset 136521728
23:09:22.493 Disk 0 scanning sectors +234438656
23:09:22.556 Disk 0 scanning C:\Windows\system32\drivers
23:09:36.596 Service scanning
23:10:09.075 Modules scanning
23:10:23.474 Disk 0 trace - called modules:
23:10:23.490 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
23:10:23.490 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a508a0]
23:10:23.505 3 CLASSPNP.SYS[8922359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8596c908]
23:10:24.082 AVAST engine scan C:\Windows
23:10:27.062 AVAST engine scan C:\Windows\system32
23:13:33.435 AVAST engine scan C:\Windows\system32\drivers
23:13:50.065 AVAST engine scan C:\Users\RK
23:17:18.091 AVAST engine scan C:\ProgramData
23:18:17.590 Scan finished successfully
23:18:50.880 Disk 0 MBR has been saved successfully to "C:\Users\RK\Desktop\MBR.dat"
23:18:50.880 The log file has been saved successfully to "C:\Users\RK\Desktop\aswMBR.txt"

Code:
ATTFilter 23:22:57.0922 2120 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 23:22:57.0937 2120 ============================================================ 23:22:57.0937 2120 Current date / time: 2013/03/18 23:22:57.0937 23:22:57.0937 2120 SystemInfo: 23:22:57.0937 2120 23:22:57.0937 2120 OS Version: 6.1.7601 ServicePack: 1.0 23:22:57.0937 2120 Product type: Workstation 23:22:57.0937 2120 ComputerName: ROBERT-PC 23:22:57.0937 2120 UserName: RK 23:22:57.0937 2120 Windows directory: C:\Windows 23:22:57.0937 2120 System windows directory: C:\Windows 23:22:57.0937 2120 Processor architecture: Intel x86 23:22:57.0937 2120 Number of processors: 2 23:22:57.0937 2120 Page size: 0x1000 23:22:57.0937 2120 Boot type: Normal boot 23:22:57.0937 2120 ============================================================ 23:23:00.0699 2120 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:23:00.0699 2120 ============================================================ 23:23:00.0699 2120 \Device\Harddisk0\DR0: 23:23:00.0699 2120 MBR partitions: 23:23:00.0699 2120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 23:23:00.0699 2120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x8200000 23:23:00.0699 2120 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x8232800, BlocksNum 0x5D61800 23:23:00.0699 2120 ============================================================ 23:23:00.0745 2120 C: <-> \Device\Harddisk0\DR0\Partition2 23:23:00.0792 2120 D: <-> \Device\Harddisk0\DR0\Partition3 23:23:00.0792 2120 ============================================================ 23:23:00.0792 2120 Initialize success 23:23:00.0792 2120 ============================================================ 23:23:51.0134 2512 ============================================================ 23:23:51.0134 2512 Scan started 
9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:24:22.0256 2512 Serenum - ok 23:24:22.0287 2512 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:24:22.0334 2512 Serial - ok 23:24:22.0365 2512 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:24:22.0412 2512 sermouse - ok 23:24:22.0521 2512 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 23:24:22.0614 2512 ServiceLayer - ok 23:24:22.0661 2512 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 23:24:22.0708 2512 SessionEnv - ok 23:24:22.0755 2512 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys 23:24:22.0802 2512 SFEP - ok 23:24:22.0848 2512 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 23:24:22.0911 2512 sffdisk - ok 23:24:22.0926 2512 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:24:22.0973 2512 sffp_mmc - ok 23:24:22.0989 2512 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:24:23.0004 2512 sffp_sd - ok 23:24:23.0036 2512 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:24:23.0067 2512 sfloppy - ok 23:24:23.0098 2512 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:24:23.0176 2512 SharedAccess - ok 23:24:23.0207 2512 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:24:23.0270 2512 ShellHWDetection - ok 23:24:23.0316 2512 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 23:24:23.0348 2512 sisagp - ok 23:24:23.0363 2512 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:24:23.0394 2512 SiSRaid2 - ok 23:24:23.0410 2512 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 
C:\Windows\system32\DRIVERS\sisraid4.sys 23:24:23.0426 2512 SiSRaid4 - ok 23:24:23.0504 2512 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 23:24:23.0566 2512 SkypeUpdate - ok 23:24:23.0613 2512 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:24:23.0660 2512 Smb - ok 23:24:23.0706 2512 [ D169F32EEFCD6EF6B84D12876514E7F8 ] smsbda C:\Windows\system32\drivers\smsbda.sys 23:24:23.0738 2512 smsbda - ok 23:24:23.0784 2512 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:24:23.0816 2512 SNMPTRAP - ok 23:24:23.0847 2512 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 23:24:23.0862 2512 spldr - ok 23:24:23.0909 2512 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 23:24:23.0956 2512 Spooler - ok 23:24:24.0096 2512 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 23:24:24.0252 2512 sppsvc - ok 23:24:24.0299 2512 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:24:24.0362 2512 sppuinotify - ok 23:24:24.0393 2512 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 23:24:24.0455 2512 srv - ok 23:24:24.0486 2512 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:24:24.0533 2512 srv2 - ok 23:24:24.0564 2512 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS 23:24:24.0611 2512 SrvHsfHDA - ok 23:24:24.0658 2512 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 23:24:24.0736 2512 SrvHsfV92 - ok 23:24:24.0767 2512 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 23:24:24.0814 2512 SrvHsfWinac - ok 23:24:24.0845 2512 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:24:24.0876 2512 srvnet - ok 23:24:24.0923 2512 [ D887C9FD02AC9FA880F6E5027A43E118 ] 
SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:24:24.0986 2512 SSDPSRV - ok 23:24:25.0032 2512 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 23:24:25.0048 2512 ssmdrv - ok 23:24:25.0064 2512 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:24:25.0126 2512 SstpSvc - ok 23:24:25.0157 2512 [ 3A21F06754F4028FEAFEEE85C4E5C01A ] STacSV C:\Windows\system32\stacsv.exe 23:24:25.0204 2512 STacSV - ok 23:24:25.0235 2512 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:24:25.0266 2512 stexstor - ok 23:24:25.0313 2512 [ 7127CEDECD3E4DE711D679080FAC67D0 ] STHDA C:\Windows\system32\drivers\stwrt.sys 23:24:25.0344 2512 STHDA - ok 23:24:25.0391 2512 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 23:24:25.0469 2512 StiSvc - ok 23:24:25.0500 2512 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 23:24:25.0532 2512 storflt - ok 23:24:25.0563 2512 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 23:24:25.0594 2512 StorSvc - ok 23:24:25.0610 2512 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 23:24:25.0641 2512 storvsc - ok 23:24:25.0672 2512 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 23:24:25.0703 2512 swenum - ok 23:24:25.0734 2512 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 23:24:25.0781 2512 swprv - ok 23:24:25.0859 2512 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 23:24:25.0984 2512 SysMain - ok 23:24:26.0031 2512 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:24:26.0078 2512 TabletInputService - ok 23:24:26.0124 2512 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 23:24:26.0171 2512 TapiSrv - ok 23:24:26.0202 2512 [ B799D9FDB26111737F58288D8DC172D9 ] TBS 
C:\Windows\System32\tbssvc.dll 23:24:26.0265 2512 TBS - ok 23:24:26.0343 2512 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:24:26.0452 2512 Tcpip - ok 23:24:26.0514 2512 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:24:26.0546 2512 TCPIP6 - ok 23:24:26.0608 2512 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:24:26.0639 2512 tcpipreg - ok 23:24:26.0670 2512 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:24:26.0717 2512 TDPIPE - ok 23:24:26.0748 2512 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:24:26.0795 2512 TDTCP - ok 23:24:26.0842 2512 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:24:26.0889 2512 tdx - ok 23:24:26.0936 2512 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 23:24:26.0951 2512 TermDD - ok 23:24:27.0014 2512 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 23:24:27.0076 2512 TermService - ok 23:24:27.0123 2512 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 23:24:27.0170 2512 Themes - ok 23:24:27.0185 2512 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 23:24:27.0216 2512 THREADORDER - ok 23:24:27.0294 2512 [ 909CD987B54A8179C9AEE874D754721A ] ti21sony C:\Windows\system32\drivers\ti21sony.sys 23:24:27.0388 2512 ti21sony - ok 23:24:27.0419 2512 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 23:24:27.0482 2512 TrkWks - ok 23:24:27.0528 2512 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:24:27.0591 2512 TrustedInstaller - ok 23:24:27.0606 2512 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:24:27.0669 2512 tssecsrv - ok 23:24:27.0716 2512 [ 9CE253214ACAA5A7D323327D2055EFAA ] 
TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 23:24:27.0778 2512 TsUsbFlt - ok 23:24:27.0840 2512 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:24:27.0887 2512 tunnel - ok 23:24:27.0918 2512 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:24:27.0950 2512 uagp35 - ok 23:24:27.0981 2512 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:24:28.0043 2512 udfs - ok 23:24:28.0074 2512 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:24:28.0106 2512 UI0Detect - ok 23:24:28.0121 2512 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:24:28.0152 2512 uliagpkx - ok 23:24:28.0168 2512 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:24:28.0199 2512 umbus - ok 23:24:28.0215 2512 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:24:28.0262 2512 UmPass - ok 23:24:28.0293 2512 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 23:24:28.0324 2512 UmRdpService - ok 23:24:28.0402 2512 [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 23:24:28.0496 2512 UMVPFSrv - ok 23:24:28.0527 2512 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 23:24:28.0589 2512 upnphost - ok 23:24:28.0652 2512 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 23:24:28.0698 2512 upperdev - ok 23:24:28.0730 2512 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 23:24:28.0761 2512 usbaudio - ok 23:24:28.0808 2512 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:24:28.0854 2512 usbccgp - ok 23:24:28.0886 2512 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:24:28.0932 2512 usbcir - ok 
23:24:28.0979 2512 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:24:28.0995 2512 usbehci - ok 23:24:29.0042 2512 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:24:29.0073 2512 usbhub - ok 23:24:29.0120 2512 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 23:24:29.0151 2512 usbohci - ok 23:24:29.0182 2512 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:24:29.0198 2512 usbprint - ok 23:24:29.0229 2512 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 23:24:29.0276 2512 usbscan - ok 23:24:29.0369 2512 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\Windows\system32\drivers\usbser.sys 23:24:29.0416 2512 usbser - ok 23:24:29.0463 2512 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 23:24:29.0494 2512 UsbserFilt - ok 23:24:29.0541 2512 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:24:29.0588 2512 USBSTOR - ok 23:24:29.0619 2512 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 23:24:29.0634 2512 usbuhci - ok 23:24:29.0697 2512 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 23:24:29.0728 2512 usbvideo - ok 23:24:29.0759 2512 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 23:24:29.0806 2512 UxSms - ok 23:24:29.0822 2512 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 23:24:29.0837 2512 VaultSvc - ok 23:24:29.0868 2512 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:24:29.0900 2512 vdrvroot - ok 23:24:29.0946 2512 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 23:24:30.0040 2512 vds - ok 23:24:30.0071 2512 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:24:30.0118 2512 
vga - ok 23:24:30.0134 2512 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 23:24:30.0165 2512 VgaSave - ok 23:24:30.0212 2512 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:24:30.0243 2512 vhdmp - ok 23:24:30.0258 2512 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 23:24:30.0290 2512 viaagp - ok 23:24:30.0305 2512 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 23:24:30.0336 2512 ViaC7 - ok 23:24:30.0383 2512 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 23:24:30.0399 2512 viaide - ok 23:24:30.0430 2512 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 23:24:30.0461 2512 vmbus - ok 23:24:30.0477 2512 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 23:24:30.0492 2512 VMBusHID - ok 23:24:30.0508 2512 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:24:30.0539 2512 volmgr - ok 23:24:30.0570 2512 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:24:30.0602 2512 volmgrx - ok 23:24:30.0617 2512 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:24:30.0648 2512 volsnap - ok 23:24:30.0695 2512 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:24:30.0711 2512 vsmraid - ok 23:24:30.0789 2512 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 23:24:30.0898 2512 VSS - ok 23:24:30.0914 2512 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 23:24:30.0945 2512 vwifibus - ok 23:24:30.0992 2512 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 23:24:31.0054 2512 W32Time - ok 23:24:31.0085 2512 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:24:31.0116 2512 WacomPen - 
ok 23:24:31.0148 2512 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:24:31.0210 2512 WANARP - ok 23:24:31.0210 2512 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:24:31.0241 2512 Wanarpv6 - ok 23:24:31.0335 2512 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 23:24:31.0506 2512 WatAdminSvc - ok 23:24:31.0584 2512 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 23:24:31.0725 2512 wbengine - ok 23:24:31.0772 2512 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:24:31.0818 2512 WbioSrvc - ok 23:24:31.0865 2512 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:24:31.0912 2512 wcncsvc - ok 23:24:31.0943 2512 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:24:31.0990 2512 WcsPlugInService - ok 23:24:32.0021 2512 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:24:32.0052 2512 Wd - ok 23:24:32.0099 2512 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys 23:24:32.0115 2512 WDC_SAM - ok 23:24:32.0208 2512 [ BF847A3972CC6B5CE26E0EA742DD52D9 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe 23:24:32.0224 2512 WDDMService ( UnsignedFile.Multi.Generic ) - warning 23:24:32.0224 2512 WDDMService - detected UnsignedFile.Multi.Generic (1) 23:24:32.0286 2512 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:24:32.0349 2512 Wdf01000 - ok 23:24:32.0427 2512 [ B5966F1DFF6E20576F3C8C2D93D129FD ] WDFME C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe 23:24:32.0536 2512 WDFME ( UnsignedFile.Multi.Generic ) - warning 23:24:32.0536 2512 WDFME - detected UnsignedFile.Multi.Generic (1) 23:24:32.0583 2512 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost 
C:\Windows\system32\wdi.dll 23:24:32.0645 2512 WdiServiceHost - ok 23:24:32.0661 2512 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:24:32.0676 2512 WdiSystemHost - ok 23:24:32.0754 2512 [ 92F0088CA18BB08BB596EF2608256F8A ] WDSC C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe 23:24:32.0786 2512 WDSC ( UnsignedFile.Multi.Generic ) - warning 23:24:32.0786 2512 WDSC - detected UnsignedFile.Multi.Generic (1) 23:24:32.0832 2512 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 23:24:32.0879 2512 WebClient - ok 23:24:32.0926 2512 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:24:32.0957 2512 Wecsvc - ok 23:24:32.0988 2512 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:24:33.0020 2512 wercplsupport - ok 23:24:33.0066 2512 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 23:24:33.0113 2512 WerSvc - ok 23:24:33.0207 2512 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:24:33.0238 2512 WfpLwf - ok 23:24:33.0254 2512 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:24:33.0285 2512 WIMMount - ok 23:24:33.0347 2512 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 23:24:33.0425 2512 WinDefend - ok 23:24:33.0425 2512 WinHttpAutoProxySvc - ok 23:24:33.0488 2512 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:24:33.0534 2512 Winmgmt - ok 23:24:33.0612 2512 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 23:24:33.0737 2512 WinRM - ok 23:24:33.0800 2512 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:24:33.0831 2512 WinUsb - ok 23:24:33.0893 2512 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 23:24:33.0956 2512 Wlansvc - ok 23:24:34.0096 2512 [ 
5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:24:34.0190 2512 wlidsvc - ok 23:24:34.0221 2512 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:24:34.0236 2512 WmiAcpi - ok 23:24:34.0268 2512 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:24:34.0314 2512 wmiApSrv - ok 23:24:34.0439 2512 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 23:24:34.0580 2512 WMPNetworkSvc - ok 23:24:34.0611 2512 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:24:34.0673 2512 WPCSvc - ok 23:24:34.0720 2512 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:24:34.0767 2512 WPDBusEnum - ok 23:24:34.0798 2512 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:24:34.0845 2512 ws2ifsl - ok 23:24:34.0860 2512 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 23:24:34.0892 2512 wscsvc - ok 23:24:34.0907 2512 WSearch - ok 23:24:35.0016 2512 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 23:24:35.0126 2512 wuauserv - ok 23:24:35.0172 2512 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:24:35.0204 2512 WudfPf - ok 23:24:35.0235 2512 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:24:35.0282 2512 WUDFRd - ok 23:24:35.0344 2512 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:24:35.0375 2512 wudfsvc - ok 23:24:35.0406 2512 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 23:24:35.0453 2512 WwanSvc - ok 23:24:35.0500 2512 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys 23:24:35.0531 2512 yukonw7 - ok 23:24:35.0547 2512 ================ Scan global 
=============================== 23:24:35.0594 2512 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 23:24:35.0640 2512 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 23:24:35.0672 2512 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 23:24:35.0703 2512 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 23:24:35.0734 2512 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 23:24:35.0734 2512 [Global] - ok 23:24:35.0734 2512 ================ Scan MBR ================================== 23:24:35.0750 2512 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 23:24:36.0046 2512 \Device\Harddisk0\DR0 - ok 23:24:36.0046 2512 ================ Scan VBR ================================== 23:24:36.0046 2512 [ CF50D8741F6A1C1153E2A3A8361ABFFB ] \Device\Harddisk0\DR0\Partition1 23:24:36.0062 2512 \Device\Harddisk0\DR0\Partition1 - ok 23:24:36.0077 2512 [ 978089A538A9D24D24480596562E436D ] \Device\Harddisk0\DR0\Partition2 23:24:36.0077 2512 \Device\Harddisk0\DR0\Partition2 - ok 23:24:36.0108 2512 [ 114DB6AD546814EAA0415D8E5C01F52B ] \Device\Harddisk0\DR0\Partition3 23:24:36.0108 2512 \Device\Harddisk0\DR0\Partition3 - ok 23:24:36.0108 2512 ============================================================ 23:24:36.0108 2512 Scan finished 23:24:36.0108 2512 ============================================================ 23:24:36.0124 2728 Detected object count: 10 23:24:36.0124 2728 Actual detected object count: 10 23:25:09.0290 2728 Afc ( UnsignedFile.Multi.Generic ) - skipped by user 23:25:09.0290 2728 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:25:09.0290 2728 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 23:25:09.0290 2728 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:25:09.0305 2728 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 23:25:09.0305 2728 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:25:09.0305 2728 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0305 2728 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:25:09.0305 2728 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0305 2728 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:25:09.0305 2728 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0305 2728 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:25:09.0305 2728 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0305 2728 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:25:09.0321 2728 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0321 2728 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:25:09.0321 2728 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0321 2728 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:25:09.0321 2728 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0321 2728 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:40.0482 2288 Deinitialize success
Best regards, RK |
19.03.2013, 12:35 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.RewardsArcade in registry keys JRT - Junkware Removal Tool Please disable your security software to avoid possible conflicts.
Afterwards: adwCleaner - Remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
20.03.2013, 10:43 | #5 |
| PUP.RewardsArcade in registry keys Hello cosinus, thank you for the further instructions and tips: 1) JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Professional x86
Ran by RK on 19.03.2013 at 18:57:09,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\rewardsarcade.fbapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\rewardsarcade.fbapi.1
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\searchplugins\askcom.xml
Emptied folder: C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\minidumps [567 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2013 at 19:00:54,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Logfile: Code:
# AdwCleaner v2.115 - Datei am 19/03/2013 um 19:04:51 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : RK - ROBERT-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\RK\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\RK\AppData\Local\Temp\AskSearch
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25514C64-8321-494E-BD3E-3DBAB3F8CEBA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\ukmzecrj.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Opera v [Version kann nicht ermittelt werden]
Datei : C:\Users\RK\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1273 octets] - [19/03/2013 19:04:51]
########## EOF - C:\AdwCleaner[S1].txt - [1333 octets] ##########
3) OTL Here, following the linked guide, I enabled "LOP Prüfung" (LOP check) and "Purity Prüfung" (Purity check), even though you did not mention that explicitly. I hope that was right. OTL log: OTL Logfile: Code:
OTL logfile created on: 19.03.2013 19:10:54 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RK\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,63% Memory free
3,98 Gb Paging File | 3,03 Gb Available in Paging File | 76,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65,00 Gb Total Space | 1,08 Gb Free Space | 1,67% Space Free | Partition Type: NTFS
Drive D: | 46,69 Gb Total Space | 2,77 Gb Free Space | 5,94% Space Free | Partition Type: NTFS
Computer Name: ROBERT-PC | User Name: RK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\RK\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.) SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WDFME) -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe () SRV - (WDSC) -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSC.exe () SRV - (WDDMService) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh) DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.) 
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (smsbda) -- C:\Windows\System32\drivers\smsbda.sys (Siano) DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH) DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH) DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\RK\Desktop IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 7E A8 0C E2 C3 CC 01 [binary data] IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\..\SearchScopes\{553852A3-665D-47A0-8DB6-15C1A116880D}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\..\SearchScopes\{E84F4033-D7CD-486E-A589-8AA5CCAAAF7F}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.6 FF - prefs.js..extensions.enabledAddons: %7Bdaf44bf7-a45e-4450-979c-91cf07434c3d%7D:1.5.8 FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.09.13 FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.1 FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.2 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.6.110 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo 
Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Windows\DOWNLO~1\NpFv530.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.12.02 20:51:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:02:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 14:02:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:02:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 14:02:24 | 000,000,000 | ---D | M] [2012.09.18 11:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\Extensions [2013.03.03 17:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\Firefox\Profiles\ukmzecrj.default\extensions [2013.03.03 17:49:47 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\RK\AppData\Roaming\mozilla\Firefox\Profiles\ukmzecrj.default\extensions\donottrackplus@abine.com [2012.11.19 13:34:20 | 000,113,112 | ---- | M] () (No 
name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\nosquint@urandom.ca.xpi [2013.02.04 15:53:08 | 000,023,709 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2013.02.21 17:01:15 | 000,115,869 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013.03.03 17:49:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.10.18 10:22:04 | 000,115,263 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi [2013.02.12 06:55:59 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js [2013.03.08 14:02:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.02 20:51:52 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX [2013.03.08 14:02:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1362648753484 (MUCatalogWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} hxxp://download.flatcast.net/objects/NpFv530.dll (Flatcast Viewer 5.3) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.169.172.1 134.169.9.150 134.169.9.151 134.169.9.152 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DCC2B62-5BFD-4AFA-825A-6D910F509E47}: DhcpNameServer = 134.169.172.1 134.169.9.150 134.169.9.151 134.169.9.152 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F2D7BDB-400D-48E6-8345-874DFFA9A04D}: DhcpNameServer = 134.169.9.152 134.169.9.151 134.169.9.150 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft 
Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{345905ec-6ce7-11e1-b28c-0013a9c0c8e8}\Shell - "" = AutoRun O33 - MountPoints2\{345905ec-6ce7-11e1-b28c-0013a9c0c8e8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{a12bd357-541d-11e2-86ad-0013a9c0c8e8}\Shell - "" = AutoRun O33 - MountPoints2\{a12bd357-541d-11e2-86ad-0013a9c0c8e8}\Shell\AutoRun\command - "" = H:\unlock.exe autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.19 18:57:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.19 18:56:35 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.19 18:22:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RK\Desktop\OTL.exe [2013.03.19 18:17:23 | 000,549,920 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\RK\Desktop\JRT.exe [2013.03.19 12:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duden [2013.03.19 12:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Duden [2013.03.19 12:59:14 | 000,000,000 | ---D | C] -- C:\Users\RK\AppData\Roaming\Duden [2013.03.19 12:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Duden [2013.03.14 09:30:56 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.03.14 09:30:56 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.03.14 09:30:55 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.14 09:30:55 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.14 09:30:55 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.03.14 09:30:55 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.14 09:30:55 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.14 09:30:55 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.14 09:30:55 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.03.14 09:30:55 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.03.14 09:30:55 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.03.14 09:30:55 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.03.14 09:30:55 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.03.14 09:30:55 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.03.14 09:30:55 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.14 
09:30:55 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.03.14 09:30:55 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.03.14 09:30:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.03.14 09:30:55 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.03.14 09:30:55 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.03.14 09:30:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.03.14 09:30:55 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.03.14 09:30:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.03.14 09:30:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.03.14 09:30:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.14 09:30:55 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.03.14 09:30:55 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.03.14 09:30:54 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.14 09:30:54 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.03.14 09:30:54 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.03.14 09:30:54 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.03.14 09:30:54 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.14 09:30:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.03.14 09:30:54 | 000,042,496 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\System32\ie4uinit.exe [2013.03.14 09:30:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.03.14 09:30:54 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.03.14 09:27:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.12 23:15:28 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2013.03.09 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\RK\AppData\Roaming\Malwarebytes [2013.03.09 18:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.09 18:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.09 18:25:44 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.09 18:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.08 23:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.03.08 14:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.07 10:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2013.03.06 10:55:03 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.06 10:54:46 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.06 10:54:46 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.03.06 10:54:46 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.03.06 10:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.05 15:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.28 14:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.28 14:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common 
Files\Skype [2013.02.27 13:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center [2013.02.27 13:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center [2013.02.27 13:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.02.27 13:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.02.27 13:20:01 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.02.27 13:19:51 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.02.27 13:19:47 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 13:19:47 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 13:19:47 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 13:19:44 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.02.27 13:19:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 13:19:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 13:19:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 13:19:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 13:19:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 13:19:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 13:19:42 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.02.27 13:19:41 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.02.27 13:19:41 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.02.27 13:19:41 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.02.27 13:19:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.02.27 13:19:41 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.02.27 13:19:41 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.02.27 13:19:41 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.02.27 13:19:40 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.02.27 13:19:40 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.02.27 13:19:40 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.02.27 13:19:40 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.02.27 13:19:39 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.02.26 14:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [1 C:\Users\RK\*.tmp files -> C:\Users\RK\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.19 19:14:33 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 19:14:33 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 19:07:36 | 000,001,086 | ---- | M] () 
-- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.19 19:06:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.19 19:06:22 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2013.03.19 18:29:21 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.19 18:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RK\Desktop\OTL.exe [2013.03.19 18:22:27 | 000,562,474 | ---- | M] () -- C:\Users\RK\Desktop\OTL - OTLogfile by Oldtimer - Trojaner-Board.pdf [2013.03.19 18:18:59 | 000,609,993 | ---- | M] () -- C:\Users\RK\Desktop\adwcleaner.exe [2013.03.19 18:17:57 | 000,039,838 | ---- | M] () -- C:\Users\RK\Desktop\Tools 3.pdf [2013.03.19 18:17:33 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\RK\Desktop\JRT.exe [2013.03.14 17:18:24 | 000,000,000 | ---- | M] () -- C:\Users\RK\defogger_reenable [2013.03.14 14:30:07 | 001,149,657 | ---- | M] () -- C:\Users\RK\Desktop\Elektroauto – Wikipedia.pdf [2013.03.14 09:30:56 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.03.14 09:30:56 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.03.14 09:30:55 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.14 09:30:55 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.14 09:30:55 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.03.14 09:30:55 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.14 09:30:55 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.14 09:30:55 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.14 09:30:55 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.03.14 09:30:55 | 000,226,816 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.14 09:30:55 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.14 09:30:55 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.14 09:30:55 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.14 09:30:55 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.14 09:30:55 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 09:30:55 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.14 09:30:55 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.14 09:30:55 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.14 09:30:55 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.14 09:30:55 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.14 09:30:55 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.14 09:30:55 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.14 09:30:55 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.14 09:30:55 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.14 09:30:55 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 09:30:55 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.14 09:30:55 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.14 09:30:54 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.14 09:30:54 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.14 09:30:54 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.14 09:30:54 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.14 09:30:54 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 09:30:54 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.14 09:30:54 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.14 09:30:54 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.14 09:30:54 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.14 09:30:54 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.14 08:26:54 | 000,657,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.14 08:26:54 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.14 08:26:54 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.14 08:26:54 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.12 23:15:28 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2013.03.06 10:54:31 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.03.06 10:54:31 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.06 10:54:31 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.06 10:54:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.06 10:54:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.06 10:54:31 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.05 18:40:52 | 000,572,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.27 15:59:38 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.27 15:59:38 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.27 15:55:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[1 C:\Users\RK\*.tmp files -> C:\Users\RK\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.19 18:21:53 | 000,562,474 | ---- | C] () -- C:\Users\RK\Desktop\OTL - OTLogfile by Oldtimer - Trojaner-Board.pdf
[2013.03.19 18:18:50 | 000,609,993 | ---- | C] () -- C:\Users\RK\Desktop\adwcleaner.exe
[2013.03.19 18:17:57 | 000,039,838 | ---- | C] () -- C:\Users\RK\Desktop\Tools 3.pdf
[2013.03.14 17:18:24 | 000,000,000 | ---- | C] () -- C:\Users\RK\defogger_reenable
[2013.03.14 14:30:04 | 001,149,657 | ---- | C] () -- C:\Users\RK\Desktop\Elektroauto – Wikipedia.pdf
[2013.03.14 09:30:54 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.12.03 18:13:33 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini
[2012.08.24 15:49:07 | 000,000,351 | ---- | C] () -- C:\Users\RK\Spiele - Verknüpfung.lnk
[2012.08.19 23:35:19 | 000,007,168 | ---- | C] () -- C:\Users\RK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.03 17:11:54 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.05.01 09:04:19 | 000,004,096 | -H-- | C] () -- C:\Users\RK\AppData\Local\keyfile3.drm
[2012.04.22 21:06:23 | 000,017,408 | ---- | C] () -- C:\Users\RK\AppData\Local\WebpageIcons.db
[2012.04.16 17:33:31 | 000,000,173 | ---- | C] () -- C:\Users\RK\AppData\Local\msmathematics.qat.RK
[2012.04.05 15:49:54 | 000,180,008 | ---- | C] () -- C:\Windows\SETUP1.EXE
[2012.03.02 17:20:08 | 000,007,600 | ---- | C] () -- C:\Users\RK\AppData\Local\Resmon.ResmonCfg
[2012.01.08 22:13:51 | 000,245,528 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.01.08 22:13:51 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.12.29 11:18:44 | 000,125,426 | ---- | C] () -- C:\Windows\cgmxp32.ini
[2011.12.28 16:20:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.28 16:14:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.12.28 16:14:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.12.26 18:55:58 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.08.19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.03.19 13:00:22 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Duden
[2012.01.26 23:49:11 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\DVDVideoSoft
[2013.01.15 23:03:49 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\FileZilla
[2012.01.09 11:32:33 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Leadertech
[2012.08.19 23:38:09 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Nokia
[2012.08.19 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Nokia Suite
[2012.09.18 11:37:42 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Opera
[2012.02.28 10:10:10 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\PC Suite
[2013.02.13 09:38:39 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Swiss Academic Software
[2012.01.11 17:01:46 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Sync App Settings
[2013.03.17 20:56:18 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\temp
[2012.02.01 08:42:27 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Trillian

========== Purity Check ==========

< End of report >

Extras-Log:
OTL Logfile:
Code:
OTL Extras logfile created on: 19.03.2013 19:10:54 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RK\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,63% Memory free
3,98 Gb Paging File | 3,03 Gb Available in Paging File | 76,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65,00 Gb Total Space | 1,08 Gb Free Space | 1,67% Space Free | Partition Type: NTFS
Drive D: | 46,69 Gb Total Space | 2,77 Gb Free Space | 5,94% Space Free | Partition Type: NTFS

Computer Name: ROBERT-PC | User Name: RK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 "DefaultOutboundAction" = 1 "DefaultInboundAction" = 1 "DoNotAllowExceptions" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0079B8EF-A4E2-4862-96F4-F29C00490744}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\set.exe | "{0273A601-5074-4EA1-A0EB-CB93792189AB}" = dir=out | app=%programfiles%\windows live\photo 
gallery\wlxvideocameraautoplaymanager.exe | "{034EADA1-C349-48C3-ABD3-7140A2591315}" = dir=out | app=%programfiles%\google\update\download\{430fd4d0-b729-4f61-aa34-91526481799d}\1.3.21.115\googleupdatesetup.exe | "{037B8C48-3A7A-4C0A-AE0A-3E699D7711FD}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\videomanager.exe | "{043A57E5-78E6-4BF2-8085-2F06265D1790}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\conversionhandler.exe | "{04CA5362-B4F9-44C6-9B65-FD62DD091BB1}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsync2.exe | "{04CD64A7-28FA-48FB-B71D-90DFBA406298}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\shortcuteditor_inst.exe | "{0546E6A3-D209-407C-A1C6-C5C4ED862E18}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\itype.exe | "{05D2FCD1-8442-4FBF-A855-E733040B5633}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\getconnected.exe | "{073181B5-E6C9-4847-8803-10506DAD49D3}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mousinfo.exe | "{0A1E443B-D8FA-4BDF-A018-AB86C878BD0E}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\touchmousepractice.exe | "{0AFA7149-7067-409B-A04A-9A10419BF2EE}" = dir=out | app=%programfiles%\sigmatel\c-major audio\setup.exe | "{0C665A56-4AA6-424A-86C5-FF744C8AAC8C}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\connectionmanager.exe | "{0CDE49E1-A8C4-4144-BAB1-799BEF0BFB7A}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsynclv.exe | "{0EE57F5F-37D7-4E2B-9226-6C86BDA8EA5D}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\onetouchaccess.exe | "{0F951987-3A50-4662-BA89-8F8847A8BC16}" = dir=out | app=%programfiles%\common files\hewlett-packard\scanjet\bin\hpsjrreg.exe | "{10189993-0D07-41E0-9B11-FDC4C745D910}" = dir=out | app=%programfiles%\hp\hp software update\hpwucli.exe | "{1097A53B-C01F-459D-BF4D-B2381988DEC9}" = dir=out | app=%programfiles%\common files\nokia\mpapi\mpapi3s.exe | 
"{110B43CC-925E-4A75-99F7-3CE212A1BCD7}" = dir=out | app=%programfiles%\gs\gs9.00\bin\gswin32c.exe | "{1110A76C-09F4-4735-9BD9-71EDF40365A5}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\communicationcentre.exe | "{14599659-A902-43A2-A23D-8AF8060B7FC0}" = dir=out | app=%programfiles%\microsoft games\freecell\freecell.exe | "{15184DF7-4C4D-4416-8A3F-40077CC5DD56}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzrcv01.exe | "{1862159F-C8FF-4B1E-8A22-E92E6713D148}" = dir=out | app=%programfiles%\paint.net\pdnrepair.exe | "{1C733848-A55B-404F-82BD-C22128465777}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\sweb.exe | "{1D2B556E-E6ED-44DE-A4DD-41E31752D590}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\dbupdatechecker.exe | "{1FBE7388-1878-484D-ACF2-78508BB3F9A0}" = dir=out | app=%programfiles%\windows media player\wmpshare.exe | "{2410FF93-CCF2-479F-BF5B-C036744AE0C9}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\ipoint.exe | "{27E946EE-CFA0-45EC-9565-931544EB4466}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxalbumdownloadwizard.exe | "{28B907FB-3D2B-46C3-99D2-649AB4042D17}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\updchecker.exe | "{28E414B8-7477-4B11-ADC9-21381958E2E7}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxquicktimecontrolhost.exe | "{2B383911-75DE-4125-A3C0-8B379898D560}" = dir=out | app=%programfiles%\windows media player\wmpsideshowgadget.exe | "{2C8AB345-5908-446B-AB33-5D54E1C11048}" = dir=out | app=%programfiles%\windows media player\wmpdmc.exe | "{2CC348DD-18A9-49EA-BD62-2AA1E251DEA8}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxtranscode.exe | "{2D2C77D7-8ADD-40A5-9DF0-1DA9C284222B}" = dir=out | app=%programfiles%\ea sports\fifa 09\support\fifa 09_code.exe | "{2DE75529-7D14-4B2E-8FC4-0930D74EE96F}" = dir=out | app=%programfiles%\common 
files\dvdvideosoft\fixcomponentssilent.exe | "{2E31EB50-99E9-46DB-A1F7-AEDFA68BBDCC}" = dir=out | app=%programfiles%\microsoft games\solitaire\solitaire.exe | "{2F53687F-F82F-4B2C-87A9-810DA94DD1DB}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\set.exe | "{32FB258C-19D5-4681-93CE-23499C653910}" = dir=out | app=%programfiles%\allway sync\bin\syncappw.exe | "{33369236-BED9-4683-AC43-9E15D881AA5E}" = dir=out | app=%programfiles%\logitech\ereg\ereg.exe | "{333F2ED6-A086-4203-8E6C-05A1C9EA845E}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotoacquirewizard.exe | "{33586279-F8DF-4554-99B5-D84007358C58}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\connectionmanager.exe | "{394343B5-7993-4AE3-AB4C-07A652163D0F}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxvideoacquirewizard.exe | "{3ADADFC8-3AE0-4DE1-B902-E31AD5734E6E}" = dir=out | app=%programfiles%\windows media player\wmprph.exe | "{3C590437-E664-4DE9-BACD-7D3962D63FA3}" = dir=out | app=%programfiles%\windows live\contacts\wlcomm.exe | "{3D4C55AE-B41E-4578-B6A6-A48F03D246F5}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzpnp01.exe | "{3D9C77C5-5332-4F61-8AF9-95D2E66ECDC4}" = dir=out | app=%programfiles%\gs\gs9.00\bin\gswin32.exe | "{3DDB5EC0-DC3A-4D37-A41F-9064D1C983DE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\applicationinstaller.exe | "{3E9EB27E-4CD0-40B2-9F47-A2CD608F13B2}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotogallery.exe | "{3EFA3DBC-F26B-457C-9195-9D8F32011A5E}" = dir=out | app=%programfiles%\activision\thps2\thps2setup.exe | "{3FC91082-6B2A-4A64-86AE-D637ED9FDCFB}" = dir=out | app=%programfiles%\microsoft mathematics\mathapp.exe | "{414357ED-8F80-4CE2-8687-D13E471B5091}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxcodechost.exe | "{4C2121E2-DE58-4329-BBDB-FE41F19D20FE}" = dir=out | app=%programfiles%\windows live\installer\wlarp.exe | 
"{4CE7E69C-34B2-4F5A-9B72-A4038A03A91F}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\btwizard.exe | "{536928D9-3BB2-4A10-808D-58581864DE3F}" = dir=out | app=%programfiles%\winamp\uninstwa.exe | "{53B8D633-64CE-4F69-803D-E37BD68B7701}" = dir=out | app=%programfiles%\windows media player\wmpenc.exe | "{540EBCEF-956D-4256-A6F1-4374636DC748}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\onetouchaccess.exe | "{55C08F72-E253-4965-96DD-CE471DB3DF20}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\agcp.exe | "{56051BF7-7162-40B3-B87B-4AEEBE06F793}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsync2.exe | "{56680FC8-EF51-421A-B42E-DCD8C094768D}" = dir=out | app=%programfiles%\windows media player\wmlaunch.exe | "{5908627A-93CD-4CCE-975C-09FB5BA38CFC}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\!isrs1.exe | "{5913C5C3-3646-42B6-9F49-27A0BD6AC277}" = dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{59F05DB9-8B87-45AD-9741-B044A81F4594}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C30B6CF-6C43-4956-A6CE-4E8BC0076E7D}" = dir=out | app=%programfiles%\google\update\download\{eeaab3af-8e11-491f-be19-5fb80c829945}\googleupdatesetup.exe | "{5EE0DA65-1EFA-45D4-99F9-5BCCA689CE85}" = dir=out | app=%programfiles%\logitech\lws\webcam software\lws.exe | "{5F619AE8-02B7-46DF-B467-47FB44250A8E}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzmsi01.exe | "{60752969-11C3-4D66-930C-D93F60C89695}" = dir=out | app=%programfiles%\microsoft mathematics\conversiontool.exe | "{6158158D-B770-4587-AE4C-3E72D5BC8613}" = dir=out | app=%programfiles%\windows live\installer\wlstartup.exe | "{644F8532-F9F7-4E91-B243-7C85E25EDB37}" = dir=out | app=%programfiles%\windows live\installer\langselector.exe | "{64925DB3-5082-4415-889F-9714C9A44616}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\directx\dxsetup.exe | 
"{65BE358A-F1E6-4A83-9074-9737997C6640}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\shortcuteditor_uninst.exe | "{66097F35-AC8F-4BB1-B3DF-D398BEBB50C4}" = dir=out | app=%programfiles%\windows live\installer\wlsettings.exe | "{665BA24B-9178-4ECE-81B0-6C996A8AB8C1}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\tvpi.exe | "{684E9CE2-37DC-4452-8E7E-5539A061C227}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\agcp.exe | "{6AB8E713-8E3B-48C4-B5F9-8283C749F807}" = dir=out | app=%programfiles%\google\update\googleupdate.exe | "{6F307793-BEC9-420A-B88E-46F710489567}" = dir=out | app=%programfiles%\difx\270581355a767bf1\dpinst32.exe | "{71CD78B6-AC38-485F-8A29-F52E95D6C1BE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\conversionhandler.exe | "{7205C0E1-DB31-403C-8FD6-19791D7A0D3F}" = dir=out | app=%programfiles%\logitech\lws\webcam software\camerahelpershell.exe | "{7482FEE6-EF09-4BC1-9EB2-449D08887B48}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\coregen.exe | "{76F7A2F2-7A05-4AE3-B658-486ABDB6C878}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\contentcopier.exe | "{774DDA47-C338-4D23-A201-941EC7084CE0}" = dir=out | app=%programfiles%\common files\borland shared\bde\bdeadmin.exe | "{7894F630-FAB1-4BCA-9B5B-6DE3376B6924}" = dir=out | app=%programfiles%\paint.net\updatemonitor.exe | "{7939DCB3-9E02-448A-B3BF-55E9016D9099}" = dir=out | app=%programfiles%\logitech\lws\webcam software\launcher_main.exe | "{7B552D93-3E67-4F09-BC8A-E51FEFFE863B}" = dir=out | app=%programfiles%\microsoft games\mahjong\mahjong.exe | "{7B9D42DB-4ADB-4759-AC1E-C8345135B7EE}" = dir=out | app=%programfiles%\common files\logishrd\wuapp32.exe | "{7C9CA0E4-BF2A-49BF-BDD8-5FD180140529}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsynclv.exe | "{7CAB45A9-B07D-4577-BE47-B27FD48F92A7}" = dir=out | app=%programfiles%\logitech\lws\webcam software\motiondetection.exe | "{7E33C7F2-D8A7-4A93-BEAA-5A25D50095B1}" = 
dir=out | app=%programfiles%\nokia\nokia pc suite 7\videomanager.exe | "{7F88B92B-342E-4B73-97F1-02D010A38F95}" = dir=out | app=%programfiles%\rainlendar2\rainlendar2.exe | "{826BC003-D6A3-4D96-B92C-596A9479D212}" = dir=out | app=%programfiles%\paint.net\setupngen.exe | "{82A1E441-9567-4857-833C-70B5EFA75301}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\silverlight.configuration.exe | "{840467FE-789E-40E4-94E1-51DB3EECD0BC}" = dir=out | app=%programfiles%\ea sports\fifa 09\fifa09.exe | "{842C5A14-6376-46DE-926D-3D15ECA48A87}" = dir=out | app=%programfiles%\hp\digital imaging\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup.exe | "{8583CCCF-939F-4584-979C-B3049987E06C}" = dir=out | app=%programfiles%\common files\dvdvideosoft\fixcomponents.exe | "{861F0389-B226-422A-B3BA-1DCBD1D1B255}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\unopkg.exe | "{88C4E078-8825-40D7-8675-BF9F2E1B8EF9}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\smath.exe | "{89CD7F1A-38F8-48CC-8FF2-B71590B56239}" = dir=out | app=%programfiles%\nokia\connectivity cable driver\setupextcmb.exe | "{8CC2A0F0-F5F8-4B6F-8B35-F20F1BEE0CA9}" = dir=out | app=%programfiles%\ea sports\fifa 09\support\earegister.exe | "{8CFD21C5-CC02-4ADA-A752-29DA758E7DEB}" = dir=out | app=%programfiles%\microsoft games\hearts\hearts.exe | "{8EA5AFC0-17C4-49D8-8473-857871392636}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\imagestore.exe | "{92543C76-1252-4DAC-B7AA-54E47CC31F63}" = dir=out | app=%programfiles%\microsoft games\spidersolitaire\spidersolitaire.exe | "{9486A45A-C8AF-4ACB-9B5A-5B39CD7555FB}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\rebasegui.exe | "{95ED97C4-735D-4969-9ABF-DA4484F56834}" = dir=out | app=%programfiles%\common files\dvdvideosoft\freestudiomanager.exe | "{978C1F79-CC11-4D1E-90EC-47670A6DE634}" = dir=out | app=%programfiles%\ea sports\fifa 
09\support\eadm\eadm-installer.exe | "{9DB418D7-6A03-4A8B-8E11-48D582733978}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\xmas05.exe | "{9E53457C-8AEB-4D28-B9D3-82FAB2A02546}" = dir=out | app=%programfiles%\logitech\lws\video mask maker\videomaskmaker.exe | "{9F8EEFF6-A27F-49B3-B6E0-4255D98CEFEA}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mskey.exe | "{A0705658-781B-40B8-A505-39D0D178A47E}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\setup.exe | "{A30516E7-B2FD-4737-8FF4-F0F968E2CF61}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A33FC3D3-BDB1-4194-A4CE-767CB0CD28B1}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\getconnected.exe | "{A50B5113-B9B5-4FAB-85F5-75F80D7045B0}" = dir=out | app=%programfiles%\microsoft mathematics\triangletool.exe | "{A5F9C162-A7F6-4B52-9DB0-1D67AB074EB2}" = dir=out | app=%programfiles%\audiograbber\lame.exe | "{A75A25C1-2824-4697-94BE-E42E3ABCC6A8}" = dir=out | app=%programfiles%\western digital\wd smartware\wd drive manager\wddmservice.exe | "{A7A1526E-131C-4D35-A486-DE71444674DE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe | "{A8069ED4-B198-4382-BE3F-1DA5D5921C42}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\applicationinstaller.exe | "{A98ECF79-D641-4C26-9F8B-EEFA520F59CA}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\unins000.exe | "{A9DC367D-DFBD-4686-A51E-2935D027C795}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\kte.exe | "{AAADD2EB-785C-4C13-8FA5-6CB1A0CDC692}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\python.exe | "{AB5B109B-9EF3-47B3-A44B-922B5CDCCBA6}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzscr01.exe | "{AE337DB1-7B54-4B7B-8AF6-9D6DBDC5553B}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\edmanager09.exe | "{B18B0D2D-5219-45CA-B64D-73F01E7227CA}" = dir=out | 
app=%programfiles%\windows media player\setup_wm.exe | "{B1D5416B-AEDB-4C9A-9D2B-7EB4061AADD7}" = dir=out | app=%programfiles%\winamp\winamp.exe | "{B2F4443A-BA33-43C5-9697-300C1545A68B}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\isrs1.exe | "{B35D0E49-F205-4AF1-B54F-7547368DFDFD}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\silverlight.configuration.exe | "{B419DD5D-ECF7-4696-85E7-B8A08AE94945}" = dir=out | app=%programfiles%\windows media player\wmpconfig.exe | "{B43EE9AE-8E3D-4883-9D0D-339476B2312F}" = dir=out | app=%programfiles%\microsoft games\minesweeper\minesweeper.exe | "{B621870B-E97F-4B00-AB49-65BA256329A5}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\adrlist.exe | "{B752FEFA-7470-4A6B-876E-4F4E40B05FC3}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\tmmonitor.exe | "{B9637847-0009-40FD-BFA9-3D14B26780CB}" = dir=out | app=%programfiles%\western digital\wd smartware\wd drive manager\wddmstatus.exe | "{BA4D3944-83F7-4563-A842-371EC8811308}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\imagestore.exe | "{BB9C3583-AE3A-447C-9901-88EE6708F236}" = dir=out | app=%programfiles%\motogp\motogp.exe | "{BBA76351-3959-4EBD-BF08-773D92539526}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\unoinfo.exe | "{BDB1136C-D200-4FBA-AA90-908C2289594A}" = dir=out | app=%programfiles%\videolan\vlc\vlc.exe | "{BE8D3ABA-C74B-402A-BDDF-627268FFB7CB}" = dir=out | app=%programfiles%\ml\englisch\englisch.exe | "{C12ED538-6440-4315-99C6-DC6D8F02822B}" = dir=out | app=%programfiles%\microsoft games\purble place\purbleplace.exe | "{C341059B-172B-42CC-BCBB-4608E09251B9}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\totalmedia.exe | "{C57031BE-06BC-4573-8092-B64F450243E1}" = dir=out | app=%programfiles%\windows media player\wmpnscfg.exe | "{C585C3F7-4A21-4179-989D-282E6EB0F2AF}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotogalleryrepair.exe | 
"{C58F63C5-2E98-40A3-88A8-41140C67840E}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\eauninstall.exe | "{C59C3094-246A-4315-984F-6EE216516178}" = dir=out | app=%programfiles%\windows media player\wmpnscfg.exe | "{C85DD59E-BDA1-4D50-97FB-9C84DC254B66}" = dir=out | app=%programfiles%\windows live\photo gallery\moviemaker.exe | "{C9A830FA-D5D4-4309-9533-615784E70F19}" = dir=out | app=%programfiles%\activision\thps2\thawk2.exe | "{CD511695-B3E9-4EC3-83D2-82D8520D8898}" = dir=out | app=%programfiles%\winamp\winamp.exe | "{CE905723-5A37-4F9C-B914-1622EAFF2653}" = dir=out | app=%programfiles%\dvd maker\dvdmaker.exe | "{CEA3EB6D-DA03-47C0-B65C-874A449F6657}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe | "{D4D1FC55-C095-4E31-A9F6-36EDE4BAE514}" = dir=out | app=%programfiles%\microsoft mathematics\mathset.exe | "{D6DF2EF7-6701-4CCF-BAB5-984A78C1CBD2}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\rebaseoo.exe | "{D86185A4-27A2-42C0-949F-AF1584B82F43}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe | "{DF74A2A2-36E3-4212-AB9B-2E969E14FAF7}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzstub.exe | "{E02F8F20-486A-4485-846D-C2BE8C0A3FE8}" = dir=out | app=%programfiles%\nokia\connectivity cable driver\setupextcmb.exe | "{E0FB6FE3-88C4-4181-B595-CEA7AD9684A8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{E2871BA3-E8B1-4152-AD65-86193DAD5F70}" = dir=out | app=%programfiles%\audiograbber\audiograbber.exe | "{E45626BE-6909-43D5-AFE7-3E1198874033}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\manager09.exe | "{E654EFE8-D247-45BD-9F2A-B2B07C579979}" = dir=out | app=%programfiles%\paint.net\paintdotnet.exe | "{E7786615-0B9D-4EF2-80A4-5F764E541F3A}" = dir=out | app=c:\program files\windows media player | "{E7FE04B3-EFC3-4789-99DB-B82FDE5E27C6}" = dir=out | app=%programfiles%\freepdf_xp\freepdf.exe | 
"{E9D3D17A-AC28-4047-9038-55E28B5AE28F}" = dir=out | app=%programfiles%\protectdisc driver installer\uninstall_v10.exe | "{EACEDC3E-A669-49CC-843F-B6A38175DB8F}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\dbstart.exe | "{EB0B22FA-169D-4892-B687-6910C8F6A853}" = dir=out | app=%programfiles%\microsoft games\chess\chess.exe | "{EC2836AB-0BA8-4D49-BEC9-F44CEB2E7BAC}" = dir=out | app=%programfiles%\microsoft silverlight\sllauncher.exe | "{F051501F-952C-43BA-8572-E2050A1DC6F4}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\soffice.exe | "{F0F1D133-763F-4ACB-944D-AA45DE994F9E}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\communicationcentre.exe | "{F33C87A1-017E-4AC1-871E-8616BDABC6E2}" = dir=out | app=%programfiles%\winamp\elevator.exe | "{F348BD7D-88BB-4A8F-9E18-36C751B4290F}" = dir=out | app=%programfiles%\tv ir\tv ir.exe | "{F81631AF-6C58-4862-8296-191EAE156646}" = dir=out | app=%programfiles%\difx\270581355a767bf1\dpinst.exe | "{FB7B74AD-70C9-4B61-B553-A2037D609BFD}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\jpg2pdf.exe | "{FC87C50B-7DBB-4E01-AC4F-51069C090792}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\coregen.exe | "{FD2C9A1A-F4B8-45DC-8D21-6493C4C8B208}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mousekeyboardcenter.exe | "{FD4A40BC-739A-4D50-B462-BD10D2A4067E}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\contentcopier.exe | "{FD73DA9A-3DF9-4E7F-A2CE-A172885B0DEC}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\!kte.exe | "{FE7EEA89-DDCC-44E1-890C-1D38DECAE1F2}" = dir=out | app=%programfiles%\paint.net\wiaproxy32.exe | "{FFFA4A84-1142-47B0-8E30-776E34240446}" = dir=out | app=%programfiles%\hp\hp software update\hpwuschd2.exe | "TCP Query User{36E2BCBB-4AB4-455D-BC6E-E6626F03B7EB}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query 
[ System Events ] Error - 19.03.2013 14:01:34 | Computer Name = Robert-PC | Source = PNRPSvc | ID = 102 Description = Error - 19.03.2013 14:01:34 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 19.03.2013 14:01:34 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 19.03.2013 14:04:10 | Computer Name = Robert-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > Thank you for the further help. RK |
20.03.2013, 13:43 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.RewardsArcade in registry keys Quote:
Why a Professional edition of Windows, do you need that as a home user? Or is this by any chance an office/company PC or a university computer?
__________________ --> PUP.RewardsArcade in registry keys |
20.03.2013, 13:58 | #7 |
| PUP.RewardsArcade in registry keys Hey, this is not a commercially used PC. Or do you have more security-specific concerns about "Professional" than about "Home"? Almost all universities have a cooperation agreement with Microsoft; it runs via MSDNAA. There, as a student, you are allowed to use the software versions on your home PC. That is also where I got this version of Windows 7; no other one was available. As long as I am a student, I am also happy with this version. Regards RK |
20.03.2013, 14:38 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.RewardsArcade in registry keys Quote:
Because we have special rules and have to post special notices if it is a commercially used computer, so I would rather ask once too often than too rarely. Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - before that, please remember to update Malwarebytes via the update button. Afterwards, getting an additional opinion from ESET's online scanner does no harm either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
20.03.2013, 15:02 | #9 | ||
| PUP.RewardsArcade in registry keys Hey, Quote:
Since I am about to run the quick scan with Malwarebytes and have reread the instructions in the process: it says there that all findings should also be deleted from the quarantine. Accordingly, I can/should delete the findings from my first scan. Quote:
Thanks for the extremely fast replies and help. RK |
20.03.2013, 15:49 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.RewardsArcade in registry keys What is it with all of you and the quarantine? Just think about what a quarantine is. Whether the malicious file stays in there or not makes no difference. Malware in the quarantine can no longer do any harm; it is isolated there. As a rule you should work with the quarantine, because if the virus scanner deletes something important due to a false alarm, you can still get at the file via the quarantine if need be.
__________________ Please always post log files in CODE tags |
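The quarantine behaviour described in the post above, as an added example that is not part of the original thread and does not reproduce the quarantine format of Malwarebytes or Avira. The vault layout, the single-byte XOR encoding and the names `quarantine`, `restore` and `PUP.Example` are assumptions made for illustration; the sample file is constructed.

```python
import hashlib
import json
import tempfile
from pathlib import Path

XOR_KEY = 0xA5  # assumption: a trivial encoding, only so the stored copy is inert


def xor_bytes(data: bytes) -> bytes:
    """Encode/decode the payload; applying it twice returns the input."""
    return bytes(b ^ XOR_KEY for b in data)


def quarantine(path: Path, vault: Path, detection: str) -> str:
    """Remove `path` from its location and keep an encoded copy in `vault`."""
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    vault.mkdir(parents=True, exist_ok=True)
    # The stored blob has no executable header and no runnable extension.
    (vault / f"{digest}.quar").write_bytes(xor_bytes(data))
    (vault / f"{digest}.json").write_text(json.dumps({
        "original_path": str(path),
        "sha256": digest,
        "detection": detection,
    }))
    path.unlink()
    return digest


def restore(item_id: str, vault: Path) -> Path:
    """Undo a false positive: decode, verify the hash, put the file back."""
    meta = json.loads((vault / f"{item_id}.json").read_text())
    data = xor_bytes((vault / f"{item_id}.quar").read_bytes())
    if hashlib.sha256(data).hexdigest() != meta["sha256"]:
        raise ValueError("quarantined item does not match its recorded hash")
    target = Path(meta["original_path"])
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    (vault / f"{item_id}.quar").unlink()
    (vault / f"{item_id}.json").unlink()
    return target


def demo() -> dict:
    """Quarantine a constructed sample, inspect the vault, then restore it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample = root / "downloads" / "setup_sample.exe"
        sample.parent.mkdir()
        original = b"MZ constructed sample bytes, not a real program"
        sample.write_bytes(original)

        vault = root / "quarantine"
        item_id = quarantine(sample, vault, "PUP.Example")
        stored = (vault / f"{item_id}.quar").read_bytes()
        result = {
            "gone_from_original_path": not sample.exists(),
            "stored_copy_is_encoded": not stored.startswith(b"MZ"),
        }
        restored = restore(item_id, vault)
        result["restored_identical"] = restored.read_bytes() == original
        result["vault_empty_after_restore"] = not any(vault.iterdir())
        return result


if __name__ == "__main__":
    print(demo())
```

Emptying the vault only discards the encoded copy and its metadata, which is why it changes nothing about the cleaned system but removes the path back from a false alarm.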
21.03.2013, 10:15 | #11 |
| PUP.RewardsArcade in registry keys Well then, now "we" are all the wiser. The scans look good, don't they!? 1) Quick scan with Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.20.12 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16521 RK :: ROBERT-PC [Administrator] 20.03.2013 23:02:21 mbam-log-2013-03-20 (23-02-21).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 202339 Laufzeit: 8 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) 2) ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internet# version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=746712ee20c6a944b75af0bd50de63fc # engine=13441 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-03-21 12:44:04 # local_time=2013-03-21 01:44:04 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 97 21259 229246334 14021 0 # compatibility_mode=5893 16776573 100 94 142532 115457835 0 0 # scanned=266153 # found=0 # cleaned=0 # scan_time=8769 RK |
21.03.2013, 10:47 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.RewardsArcade in registry keys Looks OK so far. Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you would have to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file. Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie). Otherwise there are also good cookie managers; as an extension for Firefox, for example, there is CookieCuller. But if you can live with logging in everywhere again in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system now OK again, or are there still other findings or problems?
__________________ Please always post log files in CODE tags |
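How a blocking hosts file of the kind recommended in the post above takes effect, and how to compare an installed list with a newer release, as an added example that is not part of the original thread. The two lists are constructed samples in hosts-file format (not the MVPS list), and the function names and the set of sinkhole addresses are assumptions of this sketch.

```python
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}      # addresses that lead nowhere useful
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: the list currently installed.
OLD_HOSTS = """\
# constructed sample, hosts-file format
127.0.0.1   localhost
0.0.0.0     ads.example.com        # banner server
0.0.0.0     tracker.example.net stats.example.org
192.0.2.10  intranet.example.com   # ordinary mapping, not a block
"""

# Constructed sample: a newer release of the same list.
NEW_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     ads.example.com
0.0.0.0     cdn.ads.example.com
0.0.0.0     tracker.example.net
192.0.2.10  intranet.example.com
"""


def normalize(name: str) -> str:
    """Host names are case-insensitive; a trailing dot means the same name."""
    return name.strip().rstrip(".").lower()


def parse_hosts(text: str) -> list:
    """Return (address, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address without a name maps nothing
        for name in fields[1:]:
            entries.append((fields[0], normalize(name)))
    return entries


def blocked_hosts(text: str) -> set:
    """Names pointed at a sinkhole address, without the machine's own names."""
    return {name for address, name in parse_hosts(text)
            if address in SINKHOLES and name not in LOCAL_NAMES}


def is_blocked(hostname: str, blocked: set) -> bool:
    """Hosts files match whole names only: no wildcards, no subdomains."""
    return normalize(hostname) in blocked


def diff_blocklists(old_text: str, new_text: str) -> tuple:
    """Return (added, removed) blocked names between two list versions."""
    old, new = blocked_hosts(old_text), blocked_hosts(new_text)
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    current = blocked_hosts(OLD_HOSTS)
    for host in ("ads.example.com", "cdn.ads.example.com", "intranet.example.com"):
        print(host, "blocked" if is_blocked(host, current) else "not blocked")
    print(diff_blocklists(OLD_HOSTS, NEW_HOSTS))
```

Because matching is by exact name, a subdomain of a listed host stays reachable until the list itself names it, which is one reason the periodic update matters.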
21.03.2013, 12:12 | #13 | ||
| PUP.RewardsArcade in registry keys Quote:
Quote:
But so far I have ignored this for the following reasons:
Do you have a tip as to what could be causing this, or what remedies are possible (if the cause is viruses/trojans)? Or should I open a new thread for this in a suitable place? Otherwise I no longer have any problems at all with the system. However, I would still be interested in ideas/options for further protecting the system. Are the Windows Firewall, Avira Free Antivirus and regular software updates enough? Can you give me specific no-gos or recommendations that offer adequate protection of the system for the future?! Many thanks RK |
21.03.2013, 16:05 | #14 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.RewardsArcade in registry keys Quote:
Put simply: imagine cookies like this: when you visit a shop, the shopkeeper paints a number on your back and then remembers which back number does what. If you enter this shop again in the future, the shopkeeper sees your back number and knows exactly which advertising profile, for example, he has to select for you. If you always delete your cookies, you are in effect removing your back number. But as I said, the whole thing has little to nothing to do with malware. Quote:
__________________ Please always post log files in CODE tags |
22.03.2013, 11:14 | #15 |
| PUP.RewardsArcade in registry keys Hello cosinus, many thanks for the explanation regarding cookies. I had thought that I had caught the viruses/trojans through cookies, since in my opinion the trojan "PUP.RewardsArcade" is one of those "ad-tracking trojans". But that does not seem to be possible. Many thanks for the link regarding the PC runtime; I will take a closer look at it. Otherwise that should have been it!? Then only three things remain:
Nevertheless, quite personally, many many thanks to you here already for the fast, concise and targeted help. I think that ends the thread then?! Best regards RK |