| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: mehrere Rechner im Heimnetzwerk, wo beginnen ?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.03.2013, 19:32
| #1 |
| |  mehrere Rechner im Heimnetzwerk, wo beginnen ? Hallo, ich bin neu hier und habe bei den Rechnern zuhause ein Problem mit Adware wie ad.emea festgestellt. (momentan lasse ich Malwarebytes und SUPERAntiSpyware durchlaufen, der Rest laut der Anleitung hier kommt noch.) In meinem Heimnetz hinter einer Fritzbox 7270 habe ich per Lan/Wlan 3 Rechner laufen, einen Notebook mit Win7pro 32bit, einen Netbook mit Win7starter, sowie einen alten Notebook mit Win98se (und einen alten Atari F030, für den es aber keine Viren mehr gibt). Auf den ersten beiden läuft die Windows Firewall und Antivir in der jeweils aktuellen Freewareversion, Firefox aktuell mit aktuellen Plugins und Addons. (unter Win98se sind es ältere Versionen von Firefox und Antivir, dafür ist Javascript deaktiviert. Ist es sinnvoll die Rechner einzeln abzuarbeiten und die anderen Geräte so lange aus dem Netz zu entfernen, damit die sich nicht untereinander wieder infizieren ? Mit welchem sollte ich anfangen ? Mfg civil |
|
18.03.2013, 12:17
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | mehrere Rechner im Heimnetzwerk, wo beginnen ? Hallo,
__________________fang bitte mit deinem für dich wichtigsten Rechnern an, poste die Logs von diesem dann hier. Und bitte nur Logs von nur diesem Rechner hier posten, wenn andere Rechnere anaylsiert werden sollen machst du bitte pro Rechner einen separaten Strang auf. Es endet sonst im Chaos wenn in einem Strang Logs von unterschiedlichen Rechnern sind. Was ist an Logs schon da? Malwarebytes wird doch bestimmt schon fertig sein. Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________ |
|
20.03.2013, 10:09
| #3 |
| | mehrere Rechner im Heimnetzwerk, wo beginnen ? Hallo,
__________________Entschuldigung, ich war leider verhindert und melde mich erst jetzt. Ich fange mal mit meinem Hauptrechner an, ein Notebook Lenovo 3000 N200, mit Win7pro 32bit, da hängen 4 ext.USB Festplatten dran. Der Rechner ist über LAN mit einer FB7270v3 über DSL angeschlossen. Der Rechner läuft eigentlich durch bzw. in Standby, Neustart nur wenn notwendig, z.B. bei Updates. Ich habe mich in der Vergangenheit immer als Admin angemeldet. (nur zwei Konten, 1 Admin, 1 Gast, einen normalen User habe ich erst letzte Woche erstellt) Auf dem Rechner läuft der PLOP Bootmanager Version 5.0.12 (deshalb geänderter MBR) Die letzte Jahre hatte ich vielleicht 3-4mal im Jahr einen Bluescreen, wobei die anschliessend automatisch startende Problemlösungsroutine von Win7 dann auch meist irgendeinen kaputten Treiber ersetzt hat und alles lief wieder rund. Mozilla Firefox blieb auch 3-4mal hängen und hat dabei alles blockiert, so dass ich den Rechner ausschalten musste, danach kam dann diese Fehlermeldung "Entschuldigung, das hätte nicht passieren dürfen..." aber alles lief normal danach. Seit den letzten Wochen habe ich mehrere Abstürze (in meiner Abwesenheit), d.h. der Rechner war dann im Bootmanager (der wartet auf eine Eingabe), außerdem öfter das hängenbleiben beim laden von Websiteinhalte auf Seiten von ZEIT, WELT, MOBILE.DE usw. vereinzelt war zu lesen, dass ad.emea.doubleclick... irgendwas zu laden versucht und dann wars aus, alles blockiert, wenn ich dann über den ctrl-alt-del nicht in den Taskmanager kam (ich warte dann auch schon mal 5min) habe ich den Rechner ausgeschaltet und neu gestartet, dann lief es wieder. Ich habe jetzt die beschriebenen Tests gemacht, gestern auch nochmal mit Avira, der hatte letzten Dateien in Quarantäne geschoben. Ich habe eben beim Schreiben gesehen, dass die Logs zu groß sind, deshalb hänge ich sie gezippt an. Mfg civil |
|
20.03.2013, 13:35
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mehrere Rechner im Heimnetzwerk, wo beginnen ?Zitat:
Hat Malwarebytes wirklich nichts gefunden oder hast du versehentlich nur ein ein MBAM Log ohne Funde gepostet und das oder die mit Funden vergessen? Und bitte die Logs in CODE-Tags posten  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.03.2013, 14:11
| #5 | |||
| | mehrere Rechner im Heimnetzwerk, wo beginnen ?Zitat:
Zitat:
Zitat:
Ich habe eben mal über Notepad++ die Zeichenanzahl ermittelt, in 3 Postings dürfte ich es auch als Code getaggt schaffen, bitte kurz sagen ob ich das so machen soll. Mfg Axel |
|
20.03.2013, 14:46
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mehrere Rechner im Heimnetzwerk, wo beginnen ? Wie gesagt wenn es zu umständlich ist, weil die Logs sehr groß sind, dann einfach alles in eine ZIP-Datei packen und hier anhängen
__________________ --> mehrere Rechner im Heimnetzwerk, wo beginnen ? |
|
20.03.2013, 14:58
| #7 |
| | mehrere Rechner im Heimnetzwerk, wo beginnen ? Hallo, die Logdateien hängen am Posting #3 http://www.trojaner-board.de/132325-...ml#post1031965 Mfg civil |
|
20.03.2013, 14:59
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mehrere Rechner im Heimnetzwerk, wo beginnen ? Ach ja richtig, ich hatte sie ja auch schon  Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.03.2013, 15:09
| #9 |
| | mehrere Rechner im Heimnetzwerk, wo beginnen ? Eine grundsätzliche Frage habe ich: Ich kann zwar die Echtzeitüberwachungsfunktion meines Avira abschalten, aber auch als Admin die noch laufenden Hintergrundprozesse nicht. Falls das problematisch ist, muss ich Avira dann während der Scans deinstallieren und später wieder installieren, oder reicht das deaktivieren der Echtzeitüberwachung ? Mfg civil |
|
20.03.2013, 15:50
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mehrere Rechner im Heimnetzwerk, wo beginnen ?Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.03.2013, 22:12
| #11 |
| | mehrere Rechner im Heimnetzwerk, wo beginnen ? Hallo, hier ist der mbar-log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.20.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
**** :: LENOVO [administrator]
20.03.2013 17:24:05
mbar-log-2013-03-20 (17-24-05).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28595
Time elapsed: 13 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-20 17:30:38
-----------------------------
17:30:38.346 OS Version: Windows 6.1.7601 Service Pack 1
17:30:38.346 Number of processors: 2 586 0xF0D
17:30:38.346 ComputerName: LENOVO UserName: ****
17:30:39.704 Initialize success
17:31:41.127 AVAST engine defs: 13032000
17:31:53.014 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
17:31:53.030 Disk 0 Vendor: WDC_WD1600BEVS-08RST2 08.01G08 Size: 152627MB BusType: 11
17:31:53.139 Disk 0 MBR read successfully
17:31:53.154 Disk 0 MBR scan
17:31:53.232 Disk 0 unknown MBR code
17:31:53.248 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 5223 MB offset 2048
17:31:53.342 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147402 MB offset 10698752
17:31:53.373 Disk 0 scanning sectors +312578048
17:31:53.607 Disk 0 scanning C:\Windows\system32\drivers
17:32:24.807 Service scanning
17:33:13.853 Modules scanning
17:33:51.262 Disk 0 trace - called modules:
17:33:51.309 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
17:33:51.824 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e76a20]
17:33:51.839 3 CLASSPNP.SYS[89e6459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85972030]
17:33:52.963 AVAST engine scan C:\Windows
17:33:58.126 AVAST engine scan C:\Windows\system32
17:40:08.268 AVAST engine scan C:\Windows\system32\drivers
17:40:40.201 AVAST engine scan C:\Users\****
17:46:43.230 AVAST engine scan C:\ProgramData
17:48:35.784 Scan finished successfully
19:56:57.898 Disk 0 MBR has been saved successfully to "I:\ANTIVIRUS\MBR.dat"
19:56:57.898 The log file has been saved successfully to "I:\ANTIVIRUS\aswMBR.txt"
Hier der TDSSkillerlog: Code:
ATTFilter 20:10:29.0287 7392 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:10:29.0365 7392 ============================================================
20:10:29.0365 7392 Current date / time: 2013/03/20 20:10:29.0365
20:10:29.0365 7392 SystemInfo:
20:10:29.0365 7392
20:10:29.0365 7392 OS Version: 6.1.7601 ServicePack: 1.0
20:10:29.0365 7392 Product type: Workstation
20:10:29.0365 7392 ComputerName: LENOVO
20:10:29.0365 7392 UserName: ****
20:10:29.0365 7392 Windows directory: C:\Windows
20:10:29.0365 7392 System windows directory: C:\Windows
20:10:29.0365 7392 Processor architecture: Intel x86
20:10:29.0365 7392 Number of processors: 2
20:10:29.0365 7392 Page size: 0x1000
20:10:29.0365 7392 Boot type: Normal boot
20:10:29.0365 7392 ============================================================
20:10:31.0253 7392 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:10:31.0253 7392 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:10:31.0284 7392 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:10:36.0573 7392 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:10:36.0573 7392 Drive \Device\Harddisk4\DR4 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:10:36.0573 7392 Drive \Device\Harddisk5\DR5 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:10:36.0573 7392 ============================================================
20:10:36.0573 7392 \Device\Harddisk0\DR0:
20:10:36.0588 7392 MBR partitions:
20:10:36.0588 7392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA34000, BlocksNum 0x11FE5000
20:10:36.0588 7392 \Device\Harddisk1\DR1:
20:10:36.0588 7392 MBR partitions:
20:10:36.0588 7392 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
20:10:36.0588 7392 \Device\Harddisk2\DR2:
20:10:36.0604 7392 MBR partitions:
20:10:36.0604 7392 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1D1C4542
20:10:36.0604 7392 \Device\Harddisk3\DR3:
20:10:36.0604 7392 MBR partitions:
20:10:36.0604 7392 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
20:10:36.0604 7392 \Device\Harddisk4\DR4:
20:10:36.0604 7392 MBR partitions:
20:10:36.0604 7392 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
20:10:36.0604 7392 \Device\Harddisk5\DR5:
20:10:36.0604 7392 MBR partitions:
20:10:36.0604 7392 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x777FD0
20:10:36.0604 7392 ============================================================
20:10:36.0775 7392 C: <-> \Device\Harddisk0\DR0\Partition1
20:10:36.0822 7392 I: <-> \Device\Harddisk3\DR3\Partition1
20:10:37.0009 7392 J: <-> \Device\Harddisk2\DR2\Partition1
20:10:37.0041 7392 H: <-> \Device\Harddisk1\DR1\Partition1
20:10:37.0056 7392 F: <-> \Device\Harddisk4\DR4\Partition1
20:10:37.0056 7392 ============================================================
20:10:37.0056 7392 Initialize success
20:10:37.0056 7392 ============================================================
20:11:44.0482 6164 ============================================================
20:11:44.0482 6164 Scan started
20:11:44.0482 6164 Mode: Manual; SigCheck; TDLFS;
20:11:44.0482 6164 ============================================================
20:11:45.0528 6164 ================ Scan system memory ========================
20:11:45.0528 6164 System memory - ok
20:11:45.0528 6164 ================ Scan services =============================
20:11:45.0871 6164 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:11:46.0027 6164 !SASCORE - ok
20:11:46.0245 6164 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:11:46.0308 6164 1394ohci - ok
20:11:46.0355 6164 [ 7DD41B7AC1FBB1DBF20BB1F4E4FBE58C ] 16245901 C:\Windows\system32\DRIVERS\16245901.sys
20:11:46.0433 6164 16245901 - ok
20:11:46.0433 6164 [ A305FAD3719C5DB0C13D1C2BFD08A04D ] 16245902 C:\Windows\system32\DRIVERS\16245902.sys
20:11:46.0464 6164 16245902 - ok
20:11:46.0479 6164 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:11:46.0511 6164 ACPI - ok
20:11:46.0526 6164 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:11:46.0635 6164 AcpiPmi - ok
20:11:46.0698 6164 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:11:46.0729 6164 AdobeARMservice - ok
20:11:46.0807 6164 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:11:46.0869 6164 adp94xx - ok
20:11:46.0901 6164 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:11:46.0932 6164 adpahci - ok
20:11:46.0947 6164 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:11:46.0979 6164 adpu320 - ok
20:11:47.0010 6164 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:11:47.0119 6164 AeLookupSvc - ok
20:11:47.0166 6164 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
20:11:47.0275 6164 AFD - ok
20:11:47.0353 6164 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
20:11:47.0478 6164 AgereSoftModem - ok
20:11:47.0509 6164 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
20:11:47.0540 6164 agp440 - ok
20:11:47.0603 6164 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
20:11:47.0649 6164 aic78xx - ok
20:11:47.0681 6164 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
20:11:47.0727 6164 ALG - ok
20:11:47.0759 6164 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
20:11:47.0790 6164 aliide - ok
20:11:47.0805 6164 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:11:47.0837 6164 amdagp - ok
20:11:47.0852 6164 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
20:11:47.0883 6164 amdide - ok
20:11:47.0946 6164 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:11:48.0055 6164 AmdK8 - ok
20:11:48.0055 6164 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:11:48.0117 6164 AmdPPM - ok
20:11:48.0164 6164 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:11:48.0195 6164 amdsata - ok
20:11:48.0211 6164 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:11:48.0242 6164 amdsbs - ok
20:11:48.0273 6164 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:11:48.0289 6164 amdxata - ok
20:11:48.0367 6164 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:11:48.0398 6164 AntiVirSchedulerService - ok
20:11:48.0429 6164 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:11:48.0461 6164 AntiVirService - ok
20:11:48.0539 6164 [ D1AF38FBAC0DC7E6D796B0ED01707EE0 ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
20:11:48.0648 6164 AppHostSvc - ok
20:11:48.0710 6164 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
20:11:48.0819 6164 AppID - ok
20:11:48.0851 6164 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:11:48.0929 6164 AppIDSvc - ok
20:11:48.0991 6164 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
20:11:49.0085 6164 Appinfo - ok
20:11:49.0131 6164 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
20:11:49.0225 6164 AppMgmt - ok
20:11:49.0287 6164 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:11:49.0334 6164 arc - ok
20:11:49.0350 6164 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:11:49.0381 6164 arcsas - ok
20:11:49.0412 6164 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:11:49.0490 6164 AsyncMac - ok
20:11:49.0521 6164 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
20:11:49.0537 6164 atapi - ok
20:11:49.0599 6164 [ BEFE54E9BC648A3C79C917A63B6EE7DA ] ATSwpWDF C:\Windows\system32\Drivers\ATSwpWDF.sys
20:11:49.0646 6164 ATSwpWDF - ok
20:11:49.0709 6164 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:11:49.0833 6164 AudioEndpointBuilder - ok
20:11:49.0849 6164 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:11:49.0911 6164 Audiosrv - ok
20:11:49.0958 6164 [ 655053206B2DFF9C6038016DDB355D6C ] AVEO C:\Windows\system32\DRIVERS\AVEOdcnt.sys
20:11:50.0052 6164 AVEO ( UnsignedFile.Multi.Generic ) - warning
20:11:50.0052 6164 AVEO - detected UnsignedFile.Multi.Generic (1)
20:11:50.0145 6164 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:11:50.0177 6164 avgntflt - ok
20:11:50.0223 6164 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:11:50.0255 6164 avipbb - ok
20:11:50.0301 6164 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:11:50.0333 6164 avkmgr - ok
20:11:50.0364 6164 [ 728C4A6C722535C16D1025F51AA31E22 ] avmaura C:\Windows\system32\DRIVERS\avmaura.sys
20:11:50.0442 6164 avmaura - ok
20:11:50.0489 6164 [ E011CD533A4F67F194B43666AE05EDA9 ] avmike C:\Program Files\FRITZ!Fernzugang\avmike.exe
20:11:50.0535 6164 avmike - ok
20:11:50.0598 6164 [ 236508D337C46E4152E38D4778CF50DF ] AVMUNET C:\Windows\system32\DRIVERS\avmunet.sys
20:11:50.0660 6164 AVMUNET - ok
20:11:50.0723 6164 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:11:50.0847 6164 AxInstSV - ok
20:11:50.0925 6164 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
20:11:51.0050 6164 b06bdrv - ok
20:11:51.0097 6164 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:11:51.0206 6164 b57nd60x - ok
20:11:51.0253 6164 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
20:11:51.0378 6164 BDESVC - ok
20:11:51.0393 6164 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
20:11:51.0487 6164 Beep - ok
20:11:51.0549 6164 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
20:11:51.0643 6164 BFE - ok
20:11:51.0705 6164 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
20:11:51.0830 6164 BITS - ok
20:11:51.0846 6164 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:11:51.0908 6164 blbdrive - ok
20:11:51.0939 6164 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:11:52.0033 6164 bowser - ok
20:11:52.0049 6164 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:11:52.0158 6164 BrFiltLo - ok
20:11:52.0189 6164 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:11:52.0267 6164 BrFiltUp - ok
20:11:52.0314 6164 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
20:11:52.0423 6164 Browser - ok
20:11:52.0454 6164 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:11:52.0501 6164 Brserid - ok
20:11:52.0532 6164 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:11:52.0579 6164 BrSerWdm - ok
20:11:52.0595 6164 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:11:52.0641 6164 BrUsbMdm - ok
20:11:52.0673 6164 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:11:52.0719 6164 BrUsbSer - ok
20:11:52.0766 6164 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:11:52.0860 6164 BthEnum - ok
20:11:52.0891 6164 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:11:52.0922 6164 BTHMODEM - ok
20:11:52.0953 6164 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:11:53.0016 6164 BthPan - ok
20:11:53.0078 6164 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
20:11:53.0187 6164 BTHPORT - ok
20:11:53.0234 6164 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
20:11:53.0328 6164 bthserv - ok
20:11:53.0375 6164 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
20:11:53.0421 6164 BTHUSB - ok
20:11:53.0468 6164 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:11:53.0562 6164 cdfs - ok
20:11:53.0593 6164 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:11:53.0640 6164 cdrom - ok
20:11:53.0702 6164 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
20:11:53.0765 6164 CertPropSvc - ok
20:11:53.0811 6164 [ 32416A00199B83F3CB19A504A226A519 ] certsrv C:\Program Files\FRITZ!Fernzugang\certsrv.exe
20:11:53.0858 6164 certsrv - ok
20:11:53.0889 6164 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:11:53.0921 6164 circlass - ok
20:11:53.0952 6164 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
20:11:53.0983 6164 CLFS - ok
20:11:54.0045 6164 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:11:54.0077 6164 clr_optimization_v2.0.50727_32 - ok
20:11:54.0123 6164 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:11:54.0186 6164 clr_optimization_v4.0.30319_32 - ok
20:11:54.0201 6164 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:11:54.0233 6164 CmBatt - ok
20:11:54.0264 6164 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:11:54.0295 6164 cmdide - ok
20:11:54.0373 6164 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
20:11:54.0482 6164 CNG - ok
20:11:54.0513 6164 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:11:54.0545 6164 Compbatt - ok
20:11:54.0576 6164 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:11:54.0623 6164 CompositeBus - ok
20:11:54.0638 6164 COMSysApp - ok
20:11:54.0669 6164 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:11:54.0685 6164 crcdisk - ok
20:11:54.0747 6164 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:11:54.0857 6164 CryptSvc - ok
20:11:54.0919 6164 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
20:11:55.0044 6164 CSC - ok
20:11:55.0122 6164 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
20:11:55.0200 6164 CscService - ok
20:11:55.0278 6164 [ 08B45998ADCECFECCD076A37022B56CB ] DCamUSBEMPIA C:\Windows\system32\DRIVERS\emDevice.sys
20:11:55.0403 6164 DCamUSBEMPIA - ok
20:11:55.0418 6164 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:11:55.0512 6164 DcomLaunch - ok
20:11:55.0559 6164 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:11:55.0621 6164 defragsvc - ok
20:11:55.0683 6164 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:11:55.0777 6164 DfsC - ok
20:11:55.0839 6164 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:11:55.0933 6164 Dhcp - ok
20:11:55.0995 6164 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
20:11:56.0105 6164 discache - ok
20:11:56.0136 6164 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:11:56.0167 6164 Disk - ok
20:11:56.0183 6164 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:11:56.0276 6164 Dnscache - ok
20:11:56.0339 6164 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
20:11:56.0432 6164 dot3svc - ok
20:11:56.0479 6164 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
20:11:56.0588 6164 DPS - ok
20:11:56.0604 6164 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:11:56.0666 6164 drmkaud - ok
20:11:56.0713 6164 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:11:56.0760 6164 DXGKrnl - ok
20:11:56.0807 6164 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
20:11:56.0869 6164 EapHost - ok
20:11:57.0025 6164 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
20:11:57.0197 6164 ebdrv - ok
20:11:57.0243 6164 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
20:11:57.0337 6164 EFS - ok
20:11:57.0415 6164 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:11:57.0477 6164 elxstor - ok
20:11:57.0555 6164 [ EC6A73CD8413F68655E5E0B99C415A21 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
20:11:57.0649 6164 EPSON_EB_RPCV4_01 - ok
20:11:57.0665 6164 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
20:11:57.0711 6164 EPSON_PM_RPCV4_01 - ok
20:11:57.0758 6164 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:11:57.0789 6164 ErrDev - ok
20:11:57.0852 6164 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
20:11:57.0930 6164 EventSystem - ok
20:11:57.0977 6164 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
20:11:58.0055 6164 exfat - ok
20:11:58.0086 6164 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:11:58.0148 6164 fastfat - ok
20:11:58.0211 6164 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
20:11:58.0289 6164 Fax - ok
20:11:58.0304 6164 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:11:58.0367 6164 fdc - ok
20:11:58.0398 6164 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
20:11:58.0507 6164 fdPHost - ok
20:11:58.0538 6164 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
20:11:58.0601 6164 FDResPub - ok
20:11:58.0632 6164 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:11:58.0663 6164 FileInfo - ok
20:11:58.0679 6164 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:11:58.0741 6164 Filetrace - ok
20:11:58.0835 6164 [ 8E80BBA4D77247A03A145163F849A231 ] FiltUSBEMPIA C:\Windows\system32\DRIVERS\emFilter.sys
20:11:58.0897 6164 FiltUSBEMPIA - ok
20:11:58.0959 6164 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:11:59.0037 6164 flpydisk - ok
20:11:59.0084 6164 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:11:59.0131 6164 FltMgr - ok
20:11:59.0225 6164 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
20:11:59.0365 6164 FontCache - ok
20:11:59.0443 6164 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:11:59.0490 6164 FontCache3.0.0.0 - ok
20:11:59.0521 6164 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:11:59.0552 6164 FsDepends - ok
20:11:59.0646 6164 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS
20:11:59.0693 6164 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
20:11:59.0693 6164 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
20:11:59.0802 6164 [ 96633419F4A1E37ACB89B45EBCCFE001 ] FsUsbExService C:\Windows\system32\FsUsbExService.Exe
20:11:59.0880 6164 FsUsbExService - ok
20:11:59.0927 6164 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:11:59.0973 6164 Fs_Rec - ok
20:12:00.0036 6164 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:12:00.0098 6164 fvevol - ok
20:12:00.0114 6164 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:12:00.0145 6164 gagp30kx - ok
20:12:00.0223 6164 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
20:12:00.0317 6164 gpsvc - ok
20:12:00.0348 6164 gupdate - ok
20:12:00.0348 6164 gupdatem - ok
20:12:00.0363 6164 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:12:00.0457 6164 hcw85cir - ok
20:12:00.0488 6164 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:12:00.0519 6164 HdAudAddService - ok
20:12:00.0551 6164 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:12:00.0613 6164 HDAudBus - ok
20:12:00.0629 6164 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:12:00.0691 6164 HidBatt - ok
20:12:00.0722 6164 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:12:00.0769 6164 HidBth - ok
20:12:00.0800 6164 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:12:00.0863 6164 HidIr - ok
20:12:00.0894 6164 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
20:12:00.0972 6164 hidserv - ok
20:12:01.0003 6164 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:12:01.0034 6164 HidUsb - ok
20:12:01.0097 6164 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:12:01.0175 6164 hkmsvc - ok
20:12:01.0237 6164 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:12:01.0346 6164 HomeGroupListener - ok
20:12:01.0409 6164 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:12:01.0487 6164 HomeGroupProvider - ok
20:12:01.0518 6164 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:12:01.0549 6164 HpSAMD - ok
20:12:01.0611 6164 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:12:01.0705 6164 HTTP - ok
20:12:01.0752 6164 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:12:01.0783 6164 hwpolicy - ok
20:12:01.0799 6164 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:12:01.0845 6164 i8042prt - ok
20:12:01.0908 6164 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:12:01.0955 6164 iaStorV - ok
20:12:02.0017 6164 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:12:02.0048 6164 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:12:02.0048 6164 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:12:02.0157 6164 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:12:02.0235 6164 idsvc - ok
20:12:02.0423 6164 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
20:12:02.0657 6164 igfx - ok
20:12:02.0735 6164 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:12:02.0781 6164 iirsp - ok
20:12:02.0859 6164 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
20:12:02.0984 6164 IKEEXT - ok
20:12:03.0140 6164 [ B68A9BAD1B7C1453EF063C09EBD95C2E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:12:03.0327 6164 IntcAzAudAddService - ok
20:12:03.0359 6164 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
20:12:03.0390 6164 intelide - ok
20:12:03.0405 6164 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:12:03.0468 6164 intelppm - ok
20:12:03.0499 6164 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:12:03.0577 6164 IPBusEnum - ok
20:12:03.0608 6164 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:12:03.0671 6164 IpFilterDriver - ok
20:12:03.0733 6164 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:12:03.0811 6164 iphlpsvc - ok
20:12:03.0842 6164 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:12:03.0889 6164 IPMIDRV - ok
20:12:03.0936 6164 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:12:03.0983 6164 IPNAT - ok
20:12:03.0998 6164 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:12:04.0076 6164 IRENUM - ok
20:12:04.0107 6164 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:12:04.0139 6164 isapnp - ok
20:12:04.0170 6164 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:12:04.0232 6164 iScsiPrt - ok
20:12:04.0248 6164 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:12:04.0279 6164 kbdclass - ok
20:12:04.0295 6164 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:12:04.0326 6164 kbdhid - ok
20:12:04.0341 6164 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
20:12:04.0373 6164 KeyIso - ok
20:12:04.0435 6164 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:12:04.0482 6164 KSecDD - ok
20:12:04.0497 6164 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:12:04.0529 6164 KSecPkg - ok
20:12:04.0560 6164 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:12:04.0638 6164 KtmRm - ok
20:12:04.0685 6164 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
20:12:04.0778 6164 LanmanServer - ok
20:12:04.0825 6164 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:12:04.0903 6164 LanmanWorkstation - ok
20:12:04.0950 6164 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:12:05.0043 6164 lltdio - ok
20:12:05.0075 6164 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:12:05.0199 6164 lltdsvc - ok
20:12:05.0231 6164 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:12:05.0277 6164 lmhosts - ok
20:12:05.0309 6164 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:12:05.0340 6164 LSI_FC - ok
20:12:05.0371 6164 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:12:05.0418 6164 LSI_SAS - ok
20:12:05.0449 6164 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:12:05.0480 6164 LSI_SAS2 - ok
20:12:05.0496 6164 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:12:05.0527 6164 LSI_SCSI - ok
20:12:05.0543 6164 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:12:05.0589 6164 luafv - ok
20:12:05.0621 6164 [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter C:\Windows\system32\drivers\massfilter.sys
20:12:05.0730 6164 massfilter - ok
20:12:05.0745 6164 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:12:05.0777 6164 MBAMProtector - ok
20:12:05.0855 6164 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:12:05.0886 6164 MBAMScheduler - ok
20:12:05.0917 6164 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:12:05.0964 6164 MBAMService - ok
20:12:06.0026 6164 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:12:06.0073 6164 megasas - ok
20:12:06.0104 6164 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:12:06.0135 6164 MegaSR - ok
20:12:06.0167 6164 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:12:06.0229 6164 MMCSS - ok
20:12:06.0260 6164 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:12:06.0323 6164 Modem - ok
20:12:06.0354 6164 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:12:06.0416 6164 monitor - ok
20:12:06.0447 6164 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:12:06.0479 6164 mouclass - ok
20:12:06.0494 6164 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:12:06.0572 6164 mouhid - ok
20:12:06.0635 6164 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:12:06.0666 6164 mountmgr - ok
20:12:06.0728 6164 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:12:06.0775 6164 MozillaMaintenance - ok
20:12:06.0791 6164 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
20:12:06.0822 6164 mpio - ok
20:12:06.0853 6164 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:12:06.0915 6164 mpsdrv - ok
20:12:06.0993 6164 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:12:07.0118 6164 MpsSvc - ok
20:12:07.0181 6164 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:12:07.0212 6164 MRxDAV - ok
20:12:07.0243 6164 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:12:07.0321 6164 mrxsmb - ok
20:12:07.0352 6164 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:12:07.0430 6164 mrxsmb10 - ok
20:12:07.0461 6164 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:12:07.0508 6164 mrxsmb20 - ok
20:12:07.0555 6164 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
20:12:07.0586 6164 msahci - ok
20:12:07.0617 6164 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:12:07.0649 6164 msdsm - ok
20:12:07.0664 6164 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:12:07.0727 6164 MSDTC - ok
20:12:07.0773 6164 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:12:07.0836 6164 Msfs - ok
20:12:07.0836 6164 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:12:07.0914 6164 mshidkmdf - ok
20:12:07.0961 6164 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:12:07.0992 6164 msisadrv - ok
20:12:08.0039 6164 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:12:08.0101 6164 MSiSCSI - ok
20:12:08.0117 6164 msiserver - ok
20:12:08.0148 6164 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:12:08.0179 6164 MSKSSRV - ok
20:12:08.0210 6164 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:12:08.0273 6164 MSPCLOCK - ok
20:12:08.0304 6164 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:12:08.0382 6164 MSPQM - ok
20:12:08.0413 6164 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:12:08.0444 6164 MsRPC - ok
20:12:08.0460 6164 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:12:08.0491 6164 mssmbios - ok
20:12:08.0507 6164 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:12:08.0553 6164 MSTEE - ok
20:12:08.0569 6164 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:12:08.0600 6164 MTConfig - ok
20:12:08.0616 6164 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:12:08.0647 6164 Mup - ok
20:12:08.0709 6164 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
20:12:08.0834 6164 napagent - ok
20:12:08.0928 6164 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:12:08.0975 6164 NativeWifiP - ok
20:12:09.0037 6164 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:12:09.0084 6164 NDIS - ok
20:12:09.0115 6164 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:12:09.0177 6164 NdisCap - ok
20:12:09.0193 6164 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:12:09.0302 6164 NdisTapi - ok
20:12:09.0333 6164 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:12:09.0411 6164 Ndisuio - ok
20:12:09.0458 6164 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:12:09.0552 6164 NdisWan - ok
20:12:09.0599 6164 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:12:09.0645 6164 NDProxy - ok
20:12:09.0677 6164 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:12:09.0755 6164 NetBIOS - ok
20:12:09.0817 6164 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:12:09.0926 6164 NetBT - ok
20:12:09.0957 6164 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
20:12:09.0989 6164 Netlogon - ok
20:12:10.0020 6164 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:12:10.0098 6164 Netman - ok
20:12:10.0145 6164 [ F476EC40033CDB91EFBE73EB99B8362D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:12:10.0191 6164 NetMsmqActivator - ok
20:12:10.0207 6164 [ F476EC40033CDB91EFBE73EB99B8362D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:12:10.0223 6164 NetPipeActivator - ok
20:12:10.0254 6164 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:12:10.0301 6164 netprofm - ok
20:12:10.0316 6164 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:12:10.0347 6164 NetTcpActivator - ok
20:12:10.0347 6164 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:12:10.0379 6164 NetTcpPortSharing - ok
20:12:10.0550 6164 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
20:12:10.0800 6164 netw5v32 - ok
20:12:10.0862 6164 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:12:10.0909 6164 nfrd960 - ok
20:12:10.0987 6164 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
20:12:11.0065 6164 NlaSvc - ok
20:12:11.0127 6164 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\Windows\system32\drivers\npf.sys
20:12:11.0143 6164 NPF - ok
20:12:11.0159 6164 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:12:11.0205 6164 Npfs - ok
20:12:11.0252 6164 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:12:11.0299 6164 nsi - ok
20:12:11.0315 6164 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:12:11.0361 6164 nsiproxy - ok
20:12:11.0439 6164 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:12:11.0533 6164 Ntfs - ok
20:12:11.0549 6164 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:12:11.0658 6164 Null - ok
20:12:11.0689 6164 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:12:11.0720 6164 nvraid - ok
20:12:11.0751 6164 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:12:11.0783 6164 nvstor - ok
20:12:11.0814 6164 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:12:11.0845 6164 nv_agp - ok
20:12:11.0892 6164 [ 4A0ADB15B198A1222EB6B9D31BF818FC ] NWIM C:\Windows\system32\DRIVERS\avmnwim.sys
20:12:11.0923 6164 NWIM - ok
20:12:11.0954 6164 [ 93996AC3A64FB550506E1EA80DD334EB ] nwtsrv C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
20:12:11.0985 6164 nwtsrv - ok
20:12:12.0048 6164 [ B36BAFB2C54953771680EA25B03419F0 ] O&O DriveLED C:\Program Files\OO Software\DriveLED\oodlag.exe
20:12:12.0095 6164 O&O DriveLED - ok
20:12:12.0126 6164 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:12:12.0173 6164 ohci1394 - ok
20:12:12.0204 6164 [ 911B1F6512D954EDF468D536790465CF ] OODrvled C:\Windows\system32\DRIVERS\OODrvled.sys
20:12:12.0235 6164 OODrvled - ok
20:12:12.0266 6164 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:12:12.0344 6164 p2pimsvc - ok
20:12:12.0375 6164 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:12:12.0422 6164 p2psvc - ok
20:12:12.0485 6164 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:12:12.0531 6164 Parport - ok
20:12:12.0594 6164 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:12:12.0625 6164 partmgr - ok
20:12:12.0656 6164 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:12:12.0687 6164 Parvdm - ok
20:12:12.0703 6164 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:12:12.0734 6164 PcaSvc - ok
20:12:12.0781 6164 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
20:12:12.0812 6164 pci - ok
20:12:12.0828 6164 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:12:12.0843 6164 pciide - ok
20:12:12.0875 6164 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:12:12.0906 6164 pcmcia - ok
20:12:13.0077 6164 [ 4F847D8D9A88AFD57E2C1999CC622BF6 ] PCSUITEDFRGSVC C:\Program Files\MARKEMENT\PCSUITE DEFRAG\pcsuitedefragsvc.exe
20:12:13.0249 6164 PCSUITEDFRGSVC - ok
20:12:13.0436 6164 [ 560F30A17A025B92349382A2B8F616E0 ] PCSUITEINSPECTORSVC C:\Program Files\MARKEMENT\PCSUITE INSPECTOR\inspectorsvc.exe
20:12:13.0670 6164 PCSUITEINSPECTORSVC - ok
20:12:13.0701 6164 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:12:13.0717 6164 pcw - ok
20:12:13.0748 6164 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:12:13.0826 6164 PEAUTH - ok
20:12:13.0904 6164 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:12:14.0029 6164 PeerDistSvc - ok
20:12:14.0138 6164 [ 444F122E68DB44C0589227781F3C8B3F ] pfc C:\Windows\system32\drivers\pfc.sys
20:12:14.0169 6164 pfc ( UnsignedFile.Multi.Generic ) - warning
20:12:14.0169 6164 pfc - detected UnsignedFile.Multi.Generic (1)
20:12:14.0279 6164 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:12:14.0435 6164 pla - ok
20:12:14.0481 6164 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:12:14.0591 6164 PlugPlay - ok
20:12:14.0622 6164 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:12:14.0669 6164 PNRPAutoReg - ok
20:12:14.0715 6164 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:12:14.0762 6164 PNRPsvc - ok
20:12:14.0793 6164 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:12:14.0856 6164 PolicyAgent - ok
20:12:14.0918 6164 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:12:14.0965 6164 Power - ok
20:12:15.0059 6164 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:12:15.0137 6164 PptpMiniport - ok
20:12:15.0168 6164 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:12:15.0215 6164 Processor - ok
20:12:15.0277 6164 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
20:12:15.0386 6164 ProfSvc - ok
20:12:15.0402 6164 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:12:15.0433 6164 ProtectedStorage - ok
20:12:15.0449 6164 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:12:15.0527 6164 Psched - ok
20:12:15.0620 6164 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:12:15.0729 6164 ql2300 - ok
20:12:15.0761 6164 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:12:15.0792 6164 ql40xx - ok
20:12:15.0823 6164 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:12:15.0885 6164 QWAVE - ok
20:12:15.0917 6164 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:12:15.0979 6164 QWAVEdrv - ok
20:12:16.0010 6164 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:12:16.0057 6164 RasAcd - ok
20:12:16.0119 6164 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:12:16.0197 6164 RasAgileVpn - ok
20:12:16.0229 6164 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:12:16.0275 6164 RasAuto - ok
20:12:16.0291 6164 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:12:16.0353 6164 Rasl2tp - ok
20:12:16.0463 6164 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:12:16.0587 6164 RasMan - ok
20:12:16.0619 6164 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:12:16.0697 6164 RasPppoe - ok
20:12:16.0743 6164 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:12:16.0806 6164 RasSstp - ok
20:12:16.0868 6164 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:12:16.0931 6164 rdbss - ok
20:12:16.0962 6164 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:12:16.0993 6164 rdpbus - ok
20:12:17.0055 6164 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:12:17.0149 6164 RDPCDD - ok
20:12:17.0227 6164 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:12:17.0305 6164 RDPDR - ok
20:12:17.0321 6164 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:12:17.0383 6164 RDPENCDD - ok
20:12:17.0430 6164 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:12:17.0477 6164 RDPREFMP - ok
20:12:17.0586 6164 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:12:17.0695 6164 RdpVideoMiniport - ok
20:12:17.0742 6164 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:12:17.0851 6164 RDPWD - ok
20:12:17.0913 6164 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:12:17.0960 6164 rdyboost - ok
20:12:17.0991 6164 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:12:18.0069 6164 RemoteAccess - ok
20:12:18.0116 6164 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:12:18.0210 6164 RemoteRegistry - ok
20:12:18.0241 6164 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:12:18.0272 6164 RFCOMM - ok
20:12:18.0303 6164 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
20:12:18.0350 6164 rimmptsk - ok
20:12:18.0366 6164 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
20:12:18.0459 6164 rimsptsk - ok
20:12:18.0491 6164 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
20:12:18.0537 6164 rismxdp - ok
20:12:18.0569 6164 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
20:12:18.0600 6164 rpcapd - ok
20:12:18.0647 6164 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:12:18.0709 6164 RpcEptMapper - ok
20:12:18.0740 6164 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:12:18.0787 6164 RpcLocator - ok
20:12:18.0865 6164 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
20:12:18.0927 6164 RpcSs - ok
20:12:18.0990 6164 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:12:19.0068 6164 rspndr - ok
20:12:19.0099 6164 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:12:19.0161 6164 s3cap - ok
20:12:19.0177 6164 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
20:12:19.0208 6164 SamSs - ok
20:12:19.0286 6164 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:12:19.0349 6164 SASDIFSV - ok
20:12:19.0380 6164 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:12:19.0411 6164 SASKUTIL - ok
20:12:19.0442 6164 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:12:19.0473 6164 sbp2port - ok
20:12:19.0505 6164 [ 08E99184E95A0F03902E46D810A9A10C ] ScanUSBEMPIA C:\Windows\system32\DRIVERS\emScan.sys
20:12:19.0551 6164 ScanUSBEMPIA - ok
20:12:19.0614 6164 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:12:19.0707 6164 SCardSvr - ok
20:12:19.0754 6164 [ E9BBD87AFD80DC1212ECD762858B45C7 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
20:12:19.0770 6164 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
20:12:19.0770 6164 SCDEmu - detected UnsignedFile.Multi.Generic (1)
20:12:19.0785 6164 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:12:19.0848 6164 scfilter - ok
20:12:19.0926 6164 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
20:12:20.0051 6164 Schedule - ok
20:12:20.0097 6164 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:12:20.0129 6164 SCPolicySvc - ok
20:12:20.0175 6164 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
20:12:20.0253 6164 sdbus - ok
20:12:20.0300 6164 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:12:20.0409 6164 SDRSVC - ok
20:12:20.0472 6164 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:12:20.0581 6164 secdrv - ok
20:12:20.0643 6164 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
20:12:20.0753 6164 seclogon - ok
20:12:20.0784 6164 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
20:12:20.0862 6164 SENS - ok
20:12:20.0909 6164 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:12:20.0955 6164 SensrSvc - ok
20:12:20.0987 6164 [ CB3E852B818946F396E35A976EE6B552 ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl.sys
20:12:21.0033 6164 Ser2pl - ok
20:12:21.0049 6164 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:12:21.0096 6164 Serenum - ok
20:12:21.0127 6164 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:12:21.0174 6164 Serial - ok
20:12:21.0205 6164 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:12:21.0252 6164 sermouse - ok
20:12:21.0330 6164 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
20:12:21.0439 6164 SessionEnv - ok
20:12:21.0486 6164 [ 64D93EC1218765498C40619427A85A91 ] setup_9.0.0.722_25.12.2010_06-04drv C:\Windows\system32\DRIVERS\1624590.sys
20:12:21.0517 6164 setup_9.0.0.722_25.12.2010_06-04drv - ok
20:12:21.0564 6164 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:12:21.0642 6164 sffdisk - ok
20:12:21.0657 6164 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:12:21.0735 6164 sffp_mmc - ok
20:12:21.0767 6164 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:12:21.0845 6164 sffp_sd - ok
20:12:21.0891 6164 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:12:21.0985 6164 sfloppy - ok
20:12:22.0047 6164 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:12:22.0125 6164 SharedAccess - ok
20:12:22.0188 6164 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:12:22.0235 6164 ShellHWDetection - ok
20:12:22.0266 6164 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:12:22.0281 6164 sisagp - ok
20:12:22.0313 6164 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:12:22.0344 6164 SiSRaid2 - ok
20:12:22.0359 6164 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:12:22.0391 6164 SiSRaid4 - ok
20:12:22.0406 6164 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:12:22.0453 6164 Smb - ok
20:12:22.0531 6164 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:12:22.0609 6164 SNMPTRAP - ok
20:12:22.0968 6164 [ A12BE6B3F784BD66110EFC649F31038B ] SNP325 C:\Windows\system32\DRIVERS\snp325.sys
20:12:23.0483 6164 SNP325 - ok
20:12:23.0498 6164 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:12:23.0529 6164 spldr - ok
20:12:23.0592 6164 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
20:12:23.0701 6164 Spooler - ok
20:12:23.0857 6164 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
20:12:24.0060 6164 sppsvc - ok
20:12:24.0138 6164 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:12:24.0231 6164 sppuinotify - ok
20:12:24.0278 6164 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:12:24.0341 6164 srv - ok
20:12:24.0372 6164 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:12:24.0419 6164 srv2 - ok
20:12:24.0465 6164 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:12:24.0528 6164 srvnet - ok
20:12:24.0606 6164 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:12:24.0668 6164 SSDPSRV - ok
20:12:24.0715 6164 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
20:12:24.0746 6164 ssmdrv - ok
20:12:24.0762 6164 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:12:24.0809 6164 SstpSvc - ok
20:12:24.0887 6164 [ 54946449A0EB74915A4BB34F7EE51A5A ] ss_bus C:\Windows\system32\DRIVERS\ss_bus.sys
20:12:24.0918 6164 ss_bus - ok
20:12:24.0949 6164 [ 4450BC0B2E9D7D9B90E3C3DE4EA00A78 ] ss_mdfl C:\Windows\system32\DRIVERS\ss_mdfl.sys
20:12:24.0965 6164 ss_mdfl - ok
20:12:24.0980 6164 [ 30B8D0DD01EAD1243F329CAF7D7D1517 ] ss_mdm C:\Windows\system32\DRIVERS\ss_mdm.sys
20:12:25.0011 6164 ss_mdm - ok
20:12:25.0058 6164 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
20:12:25.0105 6164 StarOpen ( UnsignedFile.Multi.Generic ) - warning
20:12:25.0105 6164 StarOpen - detected UnsignedFile.Multi.Generic (1)
20:12:25.0152 6164 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:12:25.0183 6164 stexstor - ok
20:12:25.0261 6164 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
20:12:25.0370 6164 StiSvc - ok
20:12:25.0417 6164 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:12:25.0433 6164 storflt - ok
20:12:25.0511 6164 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
20:12:25.0589 6164 StorSvc - ok
20:12:25.0604 6164 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:12:25.0635 6164 storvsc - ok
20:12:25.0667 6164 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
20:12:25.0682 6164 swenum - ok
20:12:25.0745 6164 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
20:12:25.0823 6164 swprv - ok
20:12:25.0963 6164 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
20:12:26.0041 6164 SysMain - ok
20:12:26.0103 6164 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:12:26.0181 6164 TabletInputService - ok
20:12:26.0228 6164 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
20:12:26.0306 6164 TapiSrv - ok
20:12:26.0369 6164 [ D7F411C5AF992BB44E86083A6AA7B045 ] tbhsd C:\Windows\system32\drivers\tbhsd.sys
20:12:26.0400 6164 tbhsd - ok
20:12:26.0462 6164 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
20:12:26.0525 6164 TBS - ok
20:12:26.0634 6164 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:12:26.0727 6164 Tcpip - ok
20:12:26.0774 6164 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:12:26.0837 6164 TCPIP6 - ok
20:12:26.0899 6164 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:12:26.0977 6164 tcpipreg - ok
20:12:27.0024 6164 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:12:27.0117 6164 TDPIPE - ok
20:12:27.0180 6164 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:12:27.0258 6164 TDTCP - ok
20:12:27.0320 6164 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:12:27.0414 6164 tdx - ok
20:12:27.0445 6164 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:12:27.0476 6164 TermDD - ok
20:12:27.0554 6164 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
20:12:27.0679 6164 TermService - ok
20:12:27.0726 6164 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
20:12:27.0757 6164 Themes - ok
20:12:27.0773 6164 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
20:12:27.0819 6164 THREADORDER - ok
20:12:27.0897 6164 [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
20:12:27.0929 6164 TomTomHOMEService - ok
20:12:27.0960 6164 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
20:12:28.0022 6164 TrkWks - ok
20:12:28.0131 6164 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:12:28.0209 6164 TrustedInstaller - ok
20:12:28.0287 6164 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:12:28.0350 6164 tssecsrv - ok
20:12:28.0397 6164 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:12:28.0459 6164 TsUsbFlt - ok
20:12:28.0521 6164 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:12:28.0584 6164 tunnel - ok
20:12:28.0646 6164 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:12:28.0677 6164 uagp35 - ok
20:12:28.0709 6164 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:12:28.0802 6164 udfs - ok
20:12:28.0927 6164 [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
20:12:28.0974 6164 UI Assistant Service - ok
20:12:29.0036 6164 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:12:29.0099 6164 UI0Detect - ok
20:12:29.0130 6164 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:12:29.0177 6164 uliagpkx - ok
20:12:29.0208 6164 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
20:12:29.0239 6164 umbus - ok
20:12:29.0301 6164 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:12:29.0348 6164 UmPass - ok
20:12:29.0426 6164 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
20:12:29.0489 6164 UmRdpService - ok
20:12:29.0567 6164 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
20:12:29.0645 6164 upnphost - ok
20:12:29.0691 6164 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:12:29.0769 6164 usbccgp - ok
20:12:29.0801 6164 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:12:29.0847 6164 usbcir - ok
20:12:29.0894 6164 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:12:29.0941 6164 usbehci - ok
20:12:29.0972 6164 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:12:30.0019 6164 usbhub - ok
20:12:30.0066 6164 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:12:30.0128 6164 usbohci - ok
20:12:30.0206 6164 [ 41B758CFF0A3C10A69E088F440677399 ] USBPNPA C:\Windows\system32\drivers\CM108.sys
20:12:30.0315 6164 USBPNPA - ok
20:12:30.0331 6164 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:12:30.0362 6164 usbprint - ok
20:12:30.0393 6164 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:12:30.0425 6164 usbscan - ok
20:12:30.0471 6164 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:12:30.0518 6164 USBSTOR - ok
20:12:30.0549 6164 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:12:30.0581 6164 usbuhci - ok
20:12:30.0643 6164 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
20:12:30.0690 6164 UxSms - ok
20:12:30.0721 6164 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
20:12:30.0752 6164 VaultSvc - ok
20:12:30.0799 6164 [ F6D4E8BE72D03A6B1A72C12790C51C48 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
20:12:30.0830 6164 VBoxDrv - ok
20:12:30.0893 6164 [ 42934F05BA89F589A34A11E0661C233B ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
20:12:30.0939 6164 VBoxNetAdp - ok
20:12:30.0971 6164 [ CBB6F6D2F9A90853F830876967E514C6 ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
20:12:31.0002 6164 VBoxNetFlt - ok
20:12:31.0049 6164 [ 0115E38F398DD71830B522BA28C1B2C5 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
20:12:31.0080 6164 VBoxUSBMon - ok
20:12:31.0095 6164 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:12:31.0111 6164 vdrvroot - ok
20:12:31.0189 6164 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
20:12:31.0267 6164 vds - ok
20:12:31.0314 6164 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:12:31.0345 6164 vga - ok
20:12:31.0407 6164 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:12:31.0501 6164 VgaSave - ok
20:12:31.0548 6164 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:12:31.0595 6164 vhdmp - ok
20:12:31.0610 6164 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:12:31.0641 6164 viaagp - ok
20:12:31.0657 6164 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:12:31.0688 6164 ViaC7 - ok
20:12:31.0719 6164 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
20:12:31.0751 6164 viaide - ok
20:12:31.0766 6164 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:12:31.0797 6164 vmbus - ok
20:12:31.0829 6164 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:12:31.0875 6164 VMBusHID - ok
20:12:31.0907 6164 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:12:31.0938 6164 volmgr - ok
20:12:31.0969 6164 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:12:32.0000 6164 volmgrx - ok
20:12:32.0031 6164 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:12:32.0063 6164 volsnap - ok
20:12:32.0094 6164 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:12:32.0125 6164 vsmraid - ok
20:12:32.0219 6164 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
20:12:32.0343 6164 VSS - ok
20:12:32.0390 6164 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:12:32.0437 6164 vwifibus - ok
20:12:32.0515 6164 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
20:12:32.0640 6164 W32Time - ok
20:12:32.0749 6164 [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
20:12:32.0811 6164 W3SVC - ok
20:12:32.0827 6164 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:12:32.0905 6164 WacomPen - ok
20:12:32.0983 6164 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:12:33.0045 6164 WANARP - ok
20:12:33.0061 6164 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:12:33.0108 6164 Wanarpv6 - ok
20:12:33.0123 6164 [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
20:12:33.0155 6164 WAS - ok
20:12:33.0248 6164 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:12:33.0373 6164 WatAdminSvc - ok
20:12:33.0435 6164 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
20:12:33.0591 6164 wbengine - ok
20:12:33.0654 6164 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:12:33.0701 6164 WbioSrvc - ok
20:12:33.0763 6164 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:12:33.0825 6164 wcncsvc - ok
20:12:33.0872 6164 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:12:33.0981 6164 WcsPlugInService - ok
20:12:34.0044 6164 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:12:34.0075 6164 Wd - ok
20:12:34.0169 6164 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:12:34.0200 6164 Wdf01000 - ok
20:12:34.0231 6164 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:12:34.0262 6164 WdiServiceHost - ok
20:12:34.0278 6164 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:12:34.0309 6164 WdiSystemHost - ok
20:12:34.0356 6164 [ 2F4B3C0E58D4A7BD8E38D1CD9CA47691 ] Wdm1 C:\Windows\system32\Drivers\usbbc.sys
20:12:34.0387 6164 Wdm1 - ok
20:12:34.0449 6164 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
20:12:34.0559 6164 WebClient - ok
20:12:34.0590 6164 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:12:34.0668 6164 Wecsvc - ok
20:12:34.0699 6164 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:12:34.0761 6164 wercplsupport - ok
20:12:34.0793 6164 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
20:12:34.0871 6164 WerSvc - ok
20:12:34.0917 6164 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:12:34.0980 6164 WfpLwf - ok
20:12:35.0011 6164 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:12:35.0027 6164 WIMMount - ok
20:12:35.0105 6164 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:12:35.0214 6164 WinDefend - ok
20:12:35.0245 6164 WinHttpAutoProxySvc - ok
20:12:35.0339 6164 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:12:35.0432 6164 Winmgmt - ok
20:12:35.0541 6164 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
20:12:35.0666 6164 WinRM - ok
20:12:35.0744 6164 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:12:35.0838 6164 WinUsb - ok
20:12:35.0931 6164 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:12:36.0041 6164 Wlansvc - ok
20:12:36.0072 6164 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:12:36.0119 6164 WmiAcpi - ok
20:12:36.0197 6164 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:12:36.0243 6164 wmiApSrv - ok
20:12:36.0384 6164 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:12:36.0524 6164 WMPNetworkSvc - ok
20:12:36.0602 6164 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:12:36.0711 6164 WPCSvc - ok
20:12:36.0789 6164 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:12:36.0899 6164 WPDBusEnum - ok
20:12:36.0961 6164 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:12:37.0055 6164 ws2ifsl - ok
20:12:37.0086 6164 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
20:12:37.0164 6164 wscsvc - ok
20:12:37.0179 6164 WSearch - ok
20:12:37.0320 6164 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:12:37.0445 6164 wuauserv - ok
20:12:37.0507 6164 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:12:37.0554 6164 WudfPf - ok
20:12:37.0585 6164 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:12:37.0616 6164 WUDFRd - ok
20:12:37.0679 6164 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:12:37.0757 6164 wudfsvc - ok
20:12:37.0803 6164 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:12:37.0866 6164 WwanSvc - ok
20:12:37.0928 6164 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
20:12:37.0975 6164 ZTEusbmdm6k - ok
20:12:38.0006 6164 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
20:12:38.0037 6164 ZTEusbnmea - ok
20:12:38.0069 6164 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
20:12:38.0100 6164 ZTEusbser6k - ok
20:12:38.0162 6164 ================ Scan global ===============================
20:12:38.0225 6164 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:12:38.0303 6164 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:12:38.0318 6164 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:12:38.0381 6164 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:12:38.0459 6164 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:12:38.0474 6164 [Global] - ok
20:12:38.0474 6164 ================ Scan MBR ==================================
20:12:38.0490 6164 [ AE0C84909C4BC6A6955377135EEF39FB ] \Device\Harddisk0\DR0
20:12:39.0800 6164 \Device\Harddisk0\DR0 - ok
20:12:39.0800 6164 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
20:12:39.0987 6164 \Device\Harddisk1\DR1 - ok
20:12:40.0003 6164 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
20:13:00.0236 6164 \Device\Harddisk2\DR2 - ok
20:13:00.0236 6164 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
20:13:00.0408 6164 \Device\Harddisk3\DR3 - ok
20:13:00.0408 6164 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk4\DR4
20:13:00.0595 6164 \Device\Harddisk4\DR4 - ok
20:13:00.0611 6164 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
20:13:03.0965 6164 \Device\Harddisk5\DR5 - ok
20:13:03.0965 6164 ================ Scan VBR ==================================
20:13:03.0965 6164 [ 04C911C47AAC43EEEB004AD856BAACB8 ] \Device\Harddisk0\DR0\Partition1
20:13:03.0980 6164 \Device\Harddisk0\DR0\Partition1 - ok
20:13:03.0980 6164 [ 3EA4D09CCC2E0C3C85DD4B830D97BE0B ] \Device\Harddisk1\DR1\Partition1
20:13:03.0980 6164 \Device\Harddisk1\DR1\Partition1 - ok
20:13:03.0996 6164 [ F93435C464425D1F2406D63234E2E525 ] \Device\Harddisk2\DR2\Partition1
20:13:03.0996 6164 \Device\Harddisk2\DR2\Partition1 - ok
20:13:03.0996 6164 [ 30BC86B26ABDB80231507D573D6726E3 ] \Device\Harddisk3\DR3\Partition1
20:13:03.0996 6164 \Device\Harddisk3\DR3\Partition1 - ok
20:13:04.0011 6164 [ 2B6F5330B6190A921DB23BDB3FD971AE ] \Device\Harddisk4\DR4\Partition1
20:13:04.0011 6164 \Device\Harddisk4\DR4\Partition1 - ok
20:13:04.0011 6164 [ 5BA4D198D14B0C41CF2CD499C112EE21 ] \Device\Harddisk5\DR5\Partition1
20:13:04.0011 6164 \Device\Harddisk5\DR5\Partition1 - ok
20:13:04.0027 6164 ============================================================
20:13:04.0027 6164 Scan finished
20:13:04.0027 6164 ============================================================
20:13:04.0043 5532 Detected object count: 6
20:13:04.0043 5532 Actual detected object count: 6
21:56:42.0884 5532 AVEO ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:42.0884 5532 AVEO ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:42.0884 5532 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:42.0884 5532 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:42.0900 5532 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:42.0900 5532 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:42.0900 5532 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:42.0900 5532 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:42.0900 5532 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:42.0900 5532 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:42.0900 5532 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:42.0900 5532 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:40.0364 5496 Deinitialize success
civil |
|
20.03.2013, 23:15
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mehrere Rechner im Heimnetzwerk, wo beginnen ? Unauffällig JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.03.2013, 22:06
| #13 |
| | mehrere Rechner im Heimnetzwerk, wo beginnen ? Hallo, hier einmal JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Professional x86
Ran by **** on 21.03.2013 at 19:45:23,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\****\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\lkhmbixr.default\user.js
Successfully deleted: [File] C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\lkhmbixr.default\searchplugins\askcom.xml
Successfully deleted the following from C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\lkhmbixr.default\prefs.js
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101641");
user_pref("extensions.BabylonToolbar_i.hardId", "163143cf000000000000001eec0a03f9");
user_pref("extensions.BabylonToolbar_i.id", "163143cf000000000000001eec0a03f9");
user_pref("extensions.BabylonToolbar_i.instlDay", "15374");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.178:24:50");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Emptied folder: C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\lkhmbixr.default\minidumps [112 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.03.2013 at 19:50:15,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Logfile: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 21/03/2013 um 21:32:56 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : **** - LENOVO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Ordner Gelöscht : C:\Users\****\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\****\AppData\Roaming\OCS
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16521
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.startfenster.com --> hxxp://www.google.com
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\lkhmbixr.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\k2m9fqc1.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Opera v [Version kann nicht ermittelt werden]
Datei : C:\Users\****\AppData\Roaming\Opera\Opera\operaprefs.ini
Gelöscht : Home URL=hxxp://www.startfenster.com
*************************
AdwCleaner[R1].txt - [2031 octets] - [21/03/2013 19:56:08]
AdwCleaner[R2].txt - [2091 octets] - [21/03/2013 19:58:33]
AdwCleaner[S1].txt - [2060 octets] - [21/03/2013 21:32:56]
########## EOF - C:\AdwCleaner[S1].txt - [2120 octets] ##########
--- --- --- [/CODE] die neue OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.03.2013 21:42:50 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,95% Memory free 3,98 Gb Paging File | 2,99 Gb Available in Paging File | 75,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 143,95 Gb Total Space | 46,12 Gb Free Space | 32,04% Space Free | Partition Type: NTFS Drive F: | 1863,01 Gb Total Space | 1061,72 Gb Free Space | 56,99% Space Free | Partition Type: NTFS Drive H: | 931,51 Gb Total Space | 334,72 Gb Free Space | 35,93% Space Free | Partition Type: NTFS Drive I: | 931,51 Gb Total Space | 291,25 Gb Free Space | 31,27% Space Free | Partition Type: NTFS Drive J: | 232,83 Gb Total Space | 28,84 Gb Free Space | 12,39% Space Free | Partition Type: FAT32 Computer Name: LENOVO | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\dradio-Recorder\phonostarTimer.exe () PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\MARKEMENT\PCSUITE INSPECTOR\inspectorsvc.exe (Markement) PRC - C:\Program Files\MARKEMENT\PCSUITE DEFRAG\pcsuitedefragsvc.exe (MARKEMENT) PRC - C:\Program Files\1&1 Surf-Stick\AssistantServices.exe () PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin) PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Windows\vsnp325.exe () PRC - C:\Windows\tsnp325.exe () PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files\dradio-Recorder\phonostarTimer.exe () MOD - C:\Program Files\Notepad++\NppShell_05.dll () MOD - C:\Program Files\FILEminimizer Pictures\FILEMShell.dll () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\Windows\vsnp325.exe () MOD - C:\Windows\tsnp325.exe () ========== Services (SafeList) ========== SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (PCSUITEINSPECTORSVC) -- C:\Program Files\MARKEMENT\PCSUITE INSPECTOR\inspectorsvc.exe (Markement) SRV - (PCSUITEDFRGSVC) -- C:\Program Files\MARKEMENT\PCSUITE DEFRAG\pcsuitedefragsvc.exe (MARKEMENT) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (UI Assistant Service) -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe () SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (nwtsrv) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin) SRV - (certsrv) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin) SRV - (avmike) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin) SRV - (O&O DriveLED) -- C:\Program Files\OO Software\DriveLED\oodlag.exe (O&O Software GmbH) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation) DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (AVEO) -- C:\Windows\System32\drivers\AVEOdcnt.sys (AVEO Corp) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation) DRV - (ss_bus) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation) DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation) DRV - (NWIM) -- C:\Windows\System32\drivers\avmnwim.sys (AVM Berlin) DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin) DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (16245902) -- C:\Windows\System32\drivers\16245902.sys (Kaspersky Lab) DRV - (setup_9.0.0.722_25.12.2010_06-04drv) -- C:\Windows\System32\drivers\1624590.sys (Kaspersky Lab) DRV - (OODrvled) -- C:\Windows\System32\drivers\OODrvled.sys (O&O Software GmbH) DRV - (16245901) -- C:\Windows\System32\drivers\16245901.sys (Kaspersky Lab) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Inc) DRV - (SNP325) -- C:\Windows\System32\drivers\snp325.sys (Sonix Co. Ltd.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (DCamUSBEMPIA) -- C:\Windows\System32\drivers\emDevice.sys (eMPIA Technology, Inc.) DRV - (FiltUSBEMPIA) -- C:\Windows\System32\drivers\emFilter.sys (eMPIA Technology, Inc.) DRV - (ScanUSBEMPIA) -- C:\Windows\System32\drivers\emScan.sys (eMPIA Technology, Inc.) DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH) DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.) DRV - (Wdm1) -- C:\Windows\System32\drivers\usbbc.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3968005663-3115476455-970186232-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3968005663-3115476455-970186232-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3968005663-3115476455-970186232-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3968005663-3115476455-970186232-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C AF D5 88 62 89 CB 01 [binary data] IE - HKU\S-1-5-21-3968005663-3115476455-970186232-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3968005663-3115476455-970186232-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3968005663-3115476455-970186232-1001\..\SearchScopes\{374A2C4B-AA8C-4E50-889F-CBC74C34B436}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ANT&o=102823&src=crm&q={searchTerms}&locale=&apn_ptnrs=4P&apn_dtid=YYYYYYYYDE&apn_uid=f01f38ed-0820-44d8-b72d-fe21fffd47a4&apn_sauid=B1F6848F-A995-4D07-81E6-008C41D7A092 IE - HKU\S-1-5-21-3968005663-3115476455-970186232-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3968005663-3115476455-970186232-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3968005663-3115476455-970186232-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;<local> ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.93.0 FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5 FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.4.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: File not found FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.11 21:58:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.11 21:58:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.11 21:58:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.11 21:58:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.22 19:45:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.22 19:45:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{1cfcaf72-e6f3-412a-bc20-7bcd7579014b}: C:\Program Files\1&1\1&1 MultiMessenger\ThunderbirdSyncProxy [2012.01.27 19:11:36 | 000,000,000 | ---D | M] [2012.01.26 07:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2012.01.26 07:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2013.03.11 21:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\lkhmbixr.default\extensions [2012.03.04 20:29:05 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\lkhmbixr.default\extensions\2020Player_IKEA@2020Technologies.com [2012.05.19 07:01:54 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\lkhmbixr.default\extensions\fb_add_on@avm.de [2013.03.07 07:39:03 | 000,348,483 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\lkhmbixr.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013.01.12 18:28:01 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\lkhmbixr.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2013.03.11 21:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013.03.11 21:58:15 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.12.14 10:45:24 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013.03.11 21:58:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.11 21:58:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.03.11 21:58:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.03.11 21:58:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.11 21:58:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.11 21:58:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (WebCGMHlprObj Class) - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\Windows\System32\cgmopenbho.dll (CGM Open Consortium, Inc.) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe () O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe () O4 - HKU\S-1-5-21-3968005663-3115476455-970186232-1001..\Run: [] File not found O4 - HKU\S-1-5-21-3968005663-3115476455-970186232-1001..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe () O4 - HKU\S-1-5-21-3968005663-3115476455-970186232-1001..\Run: [EPSON BX300F Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-3968005663-3115476455-970186232-1001..\Run: [Note Manager] C:\Program Files\DGP1000\Note Manager.exe (Targa GmbH) O4 - HKU\S-1-5-21-3968005663-3115476455-970186232-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3968005663-3115476455-970186232-1001\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-3968005663-3115476455-970186232-1001\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1A21165-C522-4E75-AA94-C55205D36929}: DhcpNameServer = 192.168.179.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFDE7349-231E-4CB5-91E1-579B75766012}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.05.10 09:16:02 | 000,000,084 | ---- | M] () - F:\Autoruninf.blockiert -- [ NTFS ] O32 - AutoRun File - [2007.08.09 02:49:08 | 000,000,038 | ---- | M] () - H:\autorun.inf.blockiert -- [ NTFS ] O32 - AutoRun File - [2009.10.09 15:27:12 | 000,000,089 | ---- | M] () - I:\Autorun.inf.blockiert -- [ NTFS ] O33 - MountPoints2\{00211ef0-64b6-11e2-aa6b-001eec0a03f9}\Shell - "" = AutoRun O33 - MountPoints2\{00211ef0-64b6-11e2-aa6b-001eec0a03f9}\Shell\AutoRun\command - "" = J:\preinst.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Install.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.21 19:45:13 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.21 19:44:59 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.21 19:43:55 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\****\Desktop\JRT.exe [2013.03.20 22:18:02 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Podcasts [2013.03.20 22:16:33 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Aufnahmen [2013.03.20 22:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dradio-Recorder [2013.03.20 22:16:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\phonostar GmbH [2013.03.20 22:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\dradio-Recorder [2013.03.20 20:08:10 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\TDSSKiller.exe [2013.03.20 17:30:28 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe [2013.03.20 14:13:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.03.20 14:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.03.20 14:13:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Notepad++ [2013.03.20 14:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ [2013.03.17 18:18:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\iSpy [2013.03.17 18:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpy [2013.03.17 18:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\iSpy [2013.03.17 17:39:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.03.17 11:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vision Objects [2013.03.17 10:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Note Manager [2013.03.17 10:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\DGP1000 [2013.03.17 08:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileEdit [2013.03.17 08:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\FileEdit [2013.03.17 08:01:25 | 001,069,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX [2013.03.17 08:01:25 | 000,218,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX [2013.03.16 19:03:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\SUPERAntiSpyware.com [2013.03.16 19:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2013.03.16 19:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2013.03.16 19:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013.03.16 18:48:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2013.03.16 18:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.16 18:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.16 18:47:34 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.16 18:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.16 18:47:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Programs [2013.03.15 18:48:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn [2013.03.15 16:59:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat [2013.03.15 16:40:52 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.15 16:40:52 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.03.15 16:40:52 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.15 16:40:52 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.03.15 16:40:52 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.03.15 16:40:52 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.03.15 16:40:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.03.15 16:40:52 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.03.15 16:40:52 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.15 16:40:52 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.03.15 16:40:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.03.15 16:40:52 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.03.15 16:40:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.03.15 16:40:52 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.03.15 16:40:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.03.15 16:40:52 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.15 16:40:52 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.03.15 16:40:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.03.15 16:40:51 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.15 16:40:51 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.15 16:40:51 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.03.15 16:40:51 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.03.15 16:40:51 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.03.15 16:40:51 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.15 16:40:51 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.15 16:40:51 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.03.15 16:40:51 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.03.15 16:40:51 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.15 16:40:51 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.03.15 16:40:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.03.15 16:40:51 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.03.15 16:40:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.03.15 16:40:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.03.15 16:40:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.03.15 16:40:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.03.15 16:40:51 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.03.15 16:39:01 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.03.15 16:39:01 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.03.15 16:39:01 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.03.15 16:39:01 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.03.15 16:39:01 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.15 16:39:01 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.15 16:39:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.15 16:39:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.15 16:39:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.15 16:39:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.15 16:39:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.15 16:39:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.15 16:39:01 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.15 16:39:00 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.03.15 16:39:00 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.03.15 16:39:00 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.03.15 16:39:00 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.03.15 16:39:00 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.03.15 16:39:00 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.03.15 16:39:00 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.03.15 16:39:00 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.03.15 16:39:00 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.03.15 16:39:00 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.03.15 16:39:00 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.03.15 16:39:00 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.03.15 15:45:04 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys [2013.03.15 15:45:04 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys [2013.03.15 15:45:04 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys [2013.03.15 15:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick [2013.03.15 15:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\1&1 Surf-Stick [2013.03.15 15:38:01 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys [2013.03.15 13:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MDMA [2013.03.13 23:57:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.11 21:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.08 14:46:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.08 14:46:11 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.28 06:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.02.28 06:41:50 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.02.28 06:41:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.28 06:41:13 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.02.22 19:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.21 21:44:26 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.21 21:44:26 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.21 21:41:42 | 000,724,332 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.21 21:41:42 | 000,673,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.21 21:41:42 | 000,154,274 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.21 21:41:42 | 000,125,854 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.21 21:36:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.21 21:36:45 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2013.03.21 19:55:35 | 000,609,993 | ---- | M] () -- C:\Users\****\Desktop\adwcleaner.exe [2013.03.21 19:43:56 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\****\Desktop\JRT.exe [2013.03.20 22:16:17 | 000,001,024 | ---- | M] () -- C:\Users\****\Desktop\dradio-Recorder.lnk [2013.03.20 17:29:43 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe [2013.03.17 18:18:34 | 000,002,569 | ---- | M] () -- C:\Users\Public\Desktop\iSpy.lnk [2013.03.17 17:39:48 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable [2013.03.17 14:52:23 | 000,377,856 | ---- | M] () -- C:\Users\****\Desktop\gmer_2.1.19155.exe [2013.03.17 14:50:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.03.17 14:50:40 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe [2013.03.17 12:55:27 | 000,000,218 | ---- | M] () -- C:\Users\****\.recently-used.xbel [2013.03.17 11:12:43 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\MyScript Notes Lite.lnk [2013.03.17 10:53:57 | 000,001,866 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NewShortcut3.lnk [2013.03.17 10:53:55 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\Note Manager.lnk [2013.03.16 19:02:30 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013.03.16 18:47:36 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.16 10:42:42 | 209,665,740 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.15 17:04:20 | 000,322,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.03.15 16:40:52 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.15 16:40:52 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.03.15 16:40:52 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.15 16:40:52 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.03.15 16:40:52 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.03.15 16:40:52 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.03.15 16:40:52 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.03.15 16:40:52 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.03.15 16:40:52 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.15 16:40:52 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.03.15 16:40:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.03.15 16:40:52 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.03.15 16:40:52 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.03.15 16:40:52 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.03.15 16:40:52 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.03.15 16:40:52 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.15 16:40:52 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.03.15 16:40:52 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.03.15 16:40:51 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.15 16:40:51 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.15 16:40:51 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.03.15 16:40:51 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.03.15 16:40:51 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.03.15 16:40:51 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.15 16:40:51 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.15 16:40:51 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.03.15 16:40:51 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.03.15 16:40:51 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.15 16:40:51 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.03.15 16:40:51 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.03.15 16:40:51 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.03.15 16:40:51 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.03.15 16:40:51 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.03.15 16:40:51 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.03.15 16:40:51 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.03.15 16:40:51 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.03.15 16:40:51 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.03.15 16:39:01 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.03.15 16:39:01 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.03.15 16:39:01 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.03.15 16:39:01 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.03.15 16:39:01 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.15 16:39:01 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.15 16:39:01 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.15 16:39:01 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.15 16:39:01 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.15 16:39:01 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.15 16:39:01 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.15 16:39:01 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.15 16:39:01 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.15 16:39:00 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.03.15 16:39:00 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.03.15 16:39:00 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.03.15 16:39:00 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.03.15 16:39:00 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.03.15 16:39:00 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.03.15 16:39:00 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.03.15 16:39:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.03.15 16:39:00 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.03.15 16:39:00 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.03.15 16:39:00 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.03.15 16:39:00 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.03.15 16:33:56 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2013.03.12 21:38:28 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.12 21:38:28 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.11 21:49:15 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.08 14:46:00 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.03.08 14:45:59 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.03.08 14:45:59 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.03.08 14:45:59 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.08 14:45:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.08 14:45:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.21 19:55:34 | 000,609,993 | ---- | C] () -- C:\Users\****\Desktop\adwcleaner.exe [2013.03.20 22:16:17 | 000,001,024 | ---- | C] () -- C:\Users\****\Desktop\dradio-Recorder.lnk [2013.03.17 18:18:34 | 000,002,569 | ---- | C] () -- C:\Users\Public\Desktop\iSpy.lnk [2013.03.17 17:39:48 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable [2013.03.17 17:39:09 | 000,377,856 | ---- | C] () -- C:\Users\****\Desktop\gmer_2.1.19155.exe [2013.03.17 17:39:09 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe [2013.03.17 12:55:27 | 000,000,218 | ---- | C] () -- C:\Users\****\.recently-used.xbel [2013.03.17 11:12:43 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\MyScript Notes Lite.lnk [2013.03.17 10:53:57 | 000,001,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NewShortcut3.lnk [2013.03.17 10:53:55 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\Note Manager.lnk [2013.03.16 19:02:30 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013.03.16 18:47:36 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.16 10:42:42 | 209,665,740 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.03.15 16:40:51 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.03.15 15:44:43 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2013.03.11 21:49:15 | 000,001,087 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.11 21:49:15 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.13 18:29:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2013.01.13 18:29:20 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2013.01.12 20:30:42 | 000,000,033 | ---- | C] () -- C:\Windows\Multimedia manager.INI [2013.01.12 20:21:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012.12.19 23:16:46 | 000,001,345 | ---- | C] () -- C:\Users\****\AppData\Roaming\csv2qif.ini [2012.09.26 17:44:03 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html [2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link [2012.03.21 21:12:18 | 000,000,524 | ---- | C] () -- C:\Windows\System32\charset.dat [2012.01.14 19:19:12 | 000,540,672 | ---- | C] () -- C:\Windows\_UnInst.exe [2012.01.01 17:06:20 | 000,450,560 | ---- | C] () -- C:\Windows\System32\PEGRC32B.dll [2012.01.01 17:06:20 | 000,188,416 | ---- | C] () -- C:\Windows\System32\PEGRC32A.dll [2012.01.01 17:04:33 | 001,283,072 | ---- | C] () -- C:\Windows\System32\MhCglobal10.dll [2011.12.30 13:26:00 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw41.bin [2011.06.10 18:01:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.06.04 17:38:24 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.06.04 17:38:23 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.06.04 17:38:19 | 000,631,808 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.06.04 17:38:19 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.11.13 11:12:40 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.06 10:41:08 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2010.10.31 16:50:50 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Roaming\JFritz.lock [2010.08.09 22:41:13 | 000,007,599 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg [2010.02.18 18:13:38 | 000,024,064 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:A740170DCF394417 < End of report > [/CODE] und die neue Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.03.2013 21:42:50 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,95% Memory free
3,98 Gb Paging File | 2,99 Gb Available in Paging File | 75,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,95 Gb Total Space | 46,12 Gb Free Space | 32,04% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 1061,72 Gb Free Space | 56,99% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 334,72 Gb Free Space | 35,93% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 291,25 Gb Free Space | 31,27% Space Free | Partition Type: NTFS
Drive J: | 232,83 Gb Total Space | 28,84 Gb Free Space | 12,39% Space Free | Partition Type: FAT32
Computer Name: LENOVO | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-3968005663-3115476455-970186232-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.reg [@ = regfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\BitBox\Client\BitBox.exe" "%1"
https [open] -- "C:\Program Files\BitBox\Client\BitBox.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\****\AppData\Local\Temp\RarSFX0\StsInstall.exe" = C:\Users\****\AppData\Local\Temp\RarSFX0\StsInstall.exe:*:Enabled:StsInstall
"C:\Program Files\Eurowin\MaxTax Deluxe\MAXTAX.exe" = C:\Program Files\Eurowin\MaxTax Deluxe\MAXTAX.exe:*:Enabled:MAXTAX -- (Steuersoft GmbH)
"C:\Program Files\Eurowin\MaxTax Deluxe\STMAXTAX.exe" = C:\Program Files\Eurowin\MaxTax Deluxe\STMAXTAX.exe:*:Enabled:STMAXTAX -- (Steuersoft GmbH)
"C:\Program Files\Eurowin\MaxTax Deluxe\EPUpdate.exe" = C:\Program Files\Eurowin\MaxTax Deluxe\EPUpdate.exe:*:Enabled:EPUpdate -- (Steuersoft GmbH)
"C:\Program Files\Eurowin\MaxTax Deluxe\DatabaseTool.exe" = C:\Program Files\Eurowin\MaxTax Deluxe\DatabaseTool.exe:*:Enabled:DatabaseTool -- (Steuersoft GmbH)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B9DF4D3-8869-4E02-B016-433737D3EAB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C9AA0A3-5BCF-4813-9F44-22095B95BCC1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{278B306D-6377-4364-A110-7150EA3EA6E4}" = rport=137 | protocol=17 | dir=out | app=system |
"{2DDED28B-96BD-492A-9F74-0ED2054388D3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3159D566-6B97-4EA6-AF1C-889B0139918C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32AD8D23-1199-43B1-ADA3-EF17D65A2004}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3619C719-9E76-4594-96A2-6038E09C0CB7}" = lport=138 | protocol=17 | dir=in | app=system |
"{3806C0FE-F482-4C84-B915-523A31C48D2A}" = rport=445 | protocol=6 | dir=out | app=system |
"{39BF34C8-1787-4A53-ADEF-7D5511CF9DB8}" = lport=445 | protocol=6 | dir=in | app=system |
"{3CB9CB62-3FA0-4B4C-9087-1582271F66A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54F45E34-A097-4B35-82D0-69FF7A16A7D5}" = lport=139 | protocol=6 | dir=in | app=system |
"{5949E2B6-40F8-4711-AC81-14FB8A45FBA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D869046-80F0-4C5C-889A-ECA763EF3631}" = lport=2567 | protocol=6 | dir=in | name=messenger |
"{646D596C-6A70-4F42-80EE-D82220A0D660}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84CE5EF7-8F17-40F4-9413-0AE23C17DD33}" = lport=137 | protocol=17 | dir=in | app=system |
"{91028991-3F36-424B-8BF2-D1CD9FD4D642}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{92B699B1-BC84-425C-980A-0F2610284A04}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BAC6A2A0-562E-4186-B1EC-A08A411D034F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE3438A1-E34E-477D-A90A-C9D13D661330}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D87A2FB8-AA8E-4929-BAD1-EBEF41432656}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E66E461D-2920-4DA9-8F17-1DF2DF9091FB}" = rport=139 | protocol=6 | dir=out | app=system |
"{E8587130-5329-42BA-A93D-162D2994A371}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EF4C6ADC-4F55-4D59-8016-24BDC2103B71}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F5DDE83D-10DC-46F6-B2C9-C59B31C02BB8}" = lport=25 | protocol=6 | dir=in | name=dns |
"{F6423766-8452-4195-A8BD-F072BBE7D05B}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0397640E-6066-4208-879E-7712909C686C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{04C8A7EF-4054-4EE4-B2B2-37267FE550FF}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{259EB788-F46D-4070-BEAA-A84B142C9C58}" = protocol=6 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe |
"{2B602E64-D3D7-4D49-97D3-F2B519441F99}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{2BF65765-6F32-4F38-90E1-36BD0F512361}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{337AF859-0192-4D10-9A1C-0D521A7E6032}" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\autoupdate.exe |
"{356EB979-687E-427A-93F6-F0D1C1FB3EC0}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{366ACCE4-D361-438E-9D74-8A5053E5EC17}" = protocol=17 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe |
"{38A50986-1ABB-4E2B-8F46-042C8B5C6DE9}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax deluxe\databasetool.exe |
"{38E9C6B1-F9BA-436F-9857-F876260C6B16}" = protocol=17 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe |
"{4303B030-210E-42DC-BC64-B6E19921F55E}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax deluxe\maxtax.exe |
"{49A11C47-8305-4D30-8091-F14B43CDC659}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49AE1150-16CF-4B41-A724-75C79286E7C9}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax deluxe\maxtax.exe |
"{49EFFFA9-C2DC-49C1-8977-1A0D72E68044}" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\autoupdate.exe |
"{4A8F1260-5A00-4427-8FD8-077E9499365A}" = protocol=17 | dir=in | app=c:\users\****\appdata\local\apps\2.0\zdbh2x81.p30\75rmbvoa.jr4\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe |
"{4F2F1B26-E12B-4F62-A637-49B783DD1C1C}" = protocol=17 | dir=in | app=k:\1&1 multimessenger\messengr.exe |
"{51DC4B35-650D-439C-86D4-5A76051F7BA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{566A7FDB-F18A-4610-A276-4FDE851A58EA}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{586714CF-C3F0-45F3-A500-71C99F741311}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5A0A8829-6904-4E40-94FC-2153B8844C11}" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"{6A8D0E8C-4E88-4BCB-92C8-D86996B4A1D5}" = protocol=17 | dir=in | app=c:\program files\ninjalite\ninjalite\xproxy.exe |
"{6A9299F5-A04C-4512-80CA-38EFAA0EE9B4}" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"{6D14F310-709D-4136-9AD7-877634F16581}" = protocol=6 | dir=in | app=c:\users\****\appdata\local\apps\2.0\zdbh2x81.p30\75rmbvoa.jr4\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe |
"{6EB325C1-C586-4AA1-8A44-4D91B5EC9845}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax deluxe\stmaxtax.exe |
"{72B0A3A6-DABF-4458-8244-3DB2682B0F28}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax deluxe\stmaxtax.exe |
"{73DB5417-7DEF-4880-BEC8-3DA7225E4D08}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{7C30E932-ABFA-49CC-9E63-246D8520091F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{802936C0-4760-41B2-A7B6-ED19C79571D2}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax deluxe\maxtax.exe |
"{872C4B15-D96B-46D5-B7F6-01755E4C5D9B}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax deluxe\databasetool.exe |
"{9006C8D5-AC04-4C86-893D-F1207B176611}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90E1CB83-700C-4ED2-9EF7-7BE2F34AF1D4}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax deluxe\databasetool.exe |
"{964A65ED-E50A-475C-9DE0-E99C2AF7019F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96CB191D-0B61-4FEE-ACE2-8B4F216DF1E5}" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"{9BAE5C0E-25D8-49DA-9B74-16C8ED1BD06F}" = protocol=17 | dir=in | app=c:\users\****\appdata\local\apps\2.0\zdbh2x81.p30\75rmbvoa.jr4\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe |
"{9F151451-F168-4A84-80C0-1C4F51537D3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4C5CD38-96F3-4231-BC79-337B14CDA835}" = protocol=6 | dir=in | app=k:\1&1 multimessenger\messengr.exe |
"{B14B86BB-6B5F-4A77-A6C1-F76C1AC3FDD6}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{B55FEB22-1030-451C-8D58-F9082A890658}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD2D2077-3183-4DED-A82C-E8B554ACC50D}" = protocol=6 | dir=in | app=c:\users\****\appdata\local\apps\2.0\zdbh2x81.p30\75rmbvoa.jr4\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe |
"{C58C9B4B-8D11-4BE7-82A5-949CD5856C28}" = protocol=17 | dir=in | app=c:\program files\fritz!\igd_finder.exe |
"{C97C38C4-B9CE-4B28-B6F7-2C3A3307D1C7}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax deluxe\epupdate.exe |
"{CA9908F2-76BD-4432-B636-AED8892174EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CB96474C-9017-4FA2-8794-85D95F821352}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CD434BC1-5CD0-47C2-B985-071D88B6FDF7}" = protocol=6 | dir=in | app=c:\program files\ninjalite\ninjalite\xproxy.exe |
"{CDCC9F88-203F-4A08-BAB9-8944D88B889A}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax deluxe\stmaxtax.exe |
"{D5A1F3F1-7218-40D6-9082-9C3EE0F4F3FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E0E02686-A483-417D-869A-EF6FDD14FBDF}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax deluxe\maxtax.exe |
"{E355A7F0-0330-4302-A73F-91B7F72637D4}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax deluxe\epupdate.exe |
"{E7489E38-90CA-40A5-83A9-E1A47B041572}" = protocol=6 | dir=out | app=system |
"{E7CB13DF-E10F-41F7-8BE2-7D21234A914A}" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"{EAC7C9FA-EE66-431B-BC64-706C2BEB90FE}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax deluxe\stmaxtax.exe |
"{EBF5DF4E-B0AD-432A-AA2B-AA69DAD54910}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax deluxe\databasetool.exe |
"{F10FB82D-437D-4414-8819-2C479B00A178}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F567AD1C-F904-4C32-876C-7EE7EB8B566B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F8D027DE-DBE1-4489-BA25-012E6507FA4D}" = protocol=6 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe |
"{FD8BA5AA-2F7C-4B23-8058-09F25D731E1E}" = protocol=6 | dir=in | app=c:\program files\fritz!\igd_finder.exe |
"TCP Query User{11CF5B4C-1672-47FC-B59A-FD29EFE96A82}C:\program files\space threat\space_threat_server.exe" = protocol=6 | dir=in | app=c:\program files\space threat\space_threat_server.exe |
"TCP Query User{13D0F55E-B091-4E6F-A42A-E5085E0FA27E}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{16D78EEC-4236-46B8-BE25-7AA9C6FEBA40}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{28776DE6-79A6-4AB9-A59A-4EDB3367E0F1}C:\program files\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe |
"TCP Query User{2A3B3308-035A-4B8E-97ED-437625BFCB84}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{37677313-CAAF-498D-B23A-DAC9FA2071EB}C:\program files\hausakte\bin\hausakteserver.exe" = protocol=6 | dir=in | app=c:\program files\hausakte\bin\hausakteserver.exe |
"TCP Query User{3FE04CF8-DC2A-4CF8-A2BA-DD60C3AB75D3}C:\downloads\software\fritz.box_fon_wlan_7050.04.31.recover-image.exe" = protocol=6 | dir=in | app=c:\downloads\software\fritz.box_fon_wlan_7050.04.31.recover-image.exe |
"TCP Query User{46B9EC4D-B48A-4023-AC62-52A2E866C131}K:\1&1 multimessenger\messengr.exe" = protocol=6 | dir=in | app=k:\1&1 multimessenger\messengr.exe |
"TCP Query User{47735FE9-7692-4CFD-AB19-B9325265AAA0}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe |
"TCP Query User{48A5B49F-42AE-41D7-9804-B420D889F975}C:\program files\jfritz\jfritz.exe" = protocol=6 | dir=in | app=c:\program files\jfritz\jfritz.exe |
"TCP Query User{60F8B743-ADD3-4841-9094-AEADE6661D12}C:\downloads\software\fritz.box_fon_wlan_7170.04.80.recover-image.exe" = protocol=6 | dir=in | app=c:\downloads\software\fritz.box_fon_wlan_7170.04.80.recover-image.exe |
"TCP Query User{61649917-17C4-4907-93ED-934A2E5F937F}C:\program files\dgp1000\note manager.exe" = protocol=6 | dir=in | app=c:\program files\dgp1000\note manager.exe |
"TCP Query User{641F8D31-B2C0-4585-AE87-B84E40BC775F}C:\users\****\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"TCP Query User{65340B56-6E4F-4E7F-9FEC-7B766CAF1D9D}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{696AB71B-755A-4911-8932-172AB7D544A8}C:\program files\java\jre6\launch4j-tmp\autoupdate.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\autoupdate.exe |
"TCP Query User{7E86FE07-360F-4C27-B71D-F302B70A50FA}C:\program files\free download manager\fdmwi.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdmwi.exe |
"TCP Query User{8233D25B-D0D8-4C46-80CA-E556E38B7F27}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{85B51D95-0F9F-4431-87D5-CD9B56C3219B}I:\emule\emule.exe" = protocol=6 | dir=in | app=%programfiles%\emule\emule.exe |
"TCP Query User{9009471C-1C09-4FF8-AA09-B0FBACED95C1}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{94A11803-8A56-4929-B732-B2A81200BAC4}C:\downloads\software\support_freeedition_do94767783_de.exe" = protocol=6 | dir=in | app=c:\downloads\software\support_freeedition_do94767783_de.exe |
"TCP Query User{A4679D34-697F-433E-9660-FCEF757A245F}C:\program files\dgp1000\note manager.exe" = protocol=6 | dir=in | app=c:\program files\dgp1000\note manager.exe |
"TCP Query User{AC7706F6-D073-473F-96C5-FD9E6F3ABEB6}C:\downloads\software\fritz.box_fon_wlan_7050.04.31.recover-image.exe" = protocol=6 | dir=in | app=c:\downloads\software\fritz.box_fon_wlan_7050.04.31.recover-image.exe |
"TCP Query User{B3EE3D6A-CEC9-4ED0-AAA5-4E947CFBE04D}F:\hessen3d.exe" = protocol=6 | dir=in | app=f:\hessen3d.exe |
"TCP Query User{D197837B-D60B-4A2E-A4DF-155EA23F0B76}C:\users\****\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\****\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"TCP Query User{D5D5C9FC-A4E3-4294-949B-962D804C5B7A}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe |
"TCP Query User{DFF3A6D0-52BB-46FE-8581-F977F6152D54}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F1F0D63C-083E-4111-8875-7F98DCB4C951}C:\program files\ispy\ispy\ispy.exe" = protocol=6 | dir=in | app=c:\program files\ispy\ispy\ispy.exe |
"TCP Query User{FF483B5F-B5BA-4362-855F-4644BF1F35A4}C:\program files\1&1\1&1 multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\program files\1&1\1&1 multimessenger\messengr.exe |
"UDP Query User{0B5F472C-B0A9-484E-BA3A-5A35E11C3BB7}C:\program files\java\jre6\launch4j-tmp\autoupdate.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\autoupdate.exe |
"UDP Query User{219CC222-3AFC-4C39-AAD8-2F5C349EE420}C:\users\****\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\****\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"UDP Query User{220FD576-79E7-4AE9-B1D3-8860D6A75EBB}C:\program files\1&1\1&1 multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\program files\1&1\1&1 multimessenger\messengr.exe |
"UDP Query User{26C05F2E-F522-4086-A93F-AC622E4EF2E5}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{2B19483B-B9E7-4975-B622-7E6E9F7F34D7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{32012F94-3D3D-4DC9-9B41-DA58AD1F2740}C:\program files\jfritz\jfritz.exe" = protocol=17 | dir=in | app=c:\program files\jfritz\jfritz.exe |
"UDP Query User{39983F8C-7B77-4991-8D34-693EA546DC43}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{4D6039C8-1AA5-47A7-9D02-378A78A40847}I:\emule\emule.exe" = protocol=17 | dir=in | app=%programfiles%\emule\emule.exe |
"UDP Query User{6AEFB385-DE65-4145-A32A-29C45E94A878}C:\downloads\software\fritz.box_fon_wlan_7050.04.31.recover-image.exe" = protocol=17 | dir=in | app=c:\downloads\software\fritz.box_fon_wlan_7050.04.31.recover-image.exe |
"UDP Query User{70DD2079-30A8-4E09-8392-40771801B297}C:\program files\dgp1000\note manager.exe" = protocol=17 | dir=in | app=c:\program files\dgp1000\note manager.exe |
"UDP Query User{7666D796-93FD-4A25-9D62-4587ED293BCA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7CBDB0BF-CDF4-4418-97F6-140D804D0398}C:\downloads\software\fritz.box_fon_wlan_7170.04.80.recover-image.exe" = protocol=17 | dir=in | app=c:\downloads\software\fritz.box_fon_wlan_7170.04.80.recover-image.exe |
"UDP Query User{7CC496BC-FC0C-4016-813F-7B526C5916DA}C:\program files\free download manager\fdmwi.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdmwi.exe |
"UDP Query User{8114A5E5-4E35-4DCB-AAD0-E5AF002F2300}C:\program files\hausakte\bin\hausakteserver.exe" = protocol=17 | dir=in | app=c:\program files\hausakte\bin\hausakteserver.exe |
"UDP Query User{86DDA632-617B-4B98-8AB0-F6FA8B80A96B}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{895AEF11-CE54-4D64-AD7D-47D641AAF32E}K:\1&1 multimessenger\messengr.exe" = protocol=17 | dir=in | app=k:\1&1 multimessenger\messengr.exe |
"UDP Query User{96BEFB1E-A8A7-4D8C-95C0-6CDC9E18B21B}F:\hessen3d.exe" = protocol=17 | dir=in | app=f:\hessen3d.exe |
"UDP Query User{B212B35E-71F9-48B0-8E80-4C63E65119DB}C:\downloads\software\fritz.box_fon_wlan_7050.04.31.recover-image.exe" = protocol=17 | dir=in | app=c:\downloads\software\fritz.box_fon_wlan_7050.04.31.recover-image.exe |
"UDP Query User{B2D85AF0-A36F-476A-8DB8-ED3424E4A93B}C:\program files\ispy\ispy\ispy.exe" = protocol=17 | dir=in | app=c:\program files\ispy\ispy\ispy.exe |
"UDP Query User{B5360CA2-8118-45A6-881E-A2856A052D27}C:\downloads\software\support_freeedition_do94767783_de.exe" = protocol=17 | dir=in | app=c:\downloads\software\support_freeedition_do94767783_de.exe |
"UDP Query User{BAD8BEFB-B84D-4AAD-9195-7EEFE0BFA207}C:\program files\space threat\space_threat_server.exe" = protocol=17 | dir=in | app=c:\program files\space threat\space_threat_server.exe |
"UDP Query User{C80EAD03-B7BA-4B7F-BABE-8939F9648BCD}C:\program files\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe |
"UDP Query User{C98B97D7-9619-4F92-8C83-921BD9B55C1C}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe |
"UDP Query User{E29558D5-824A-405E-926D-DAD3F3AF6093}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe |
"UDP Query User{E621B0A8-9356-4BF4-A3AD-772AC485C348}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{F04D7D5D-CDE4-48D7-BCF8-2167E5E8F4D0}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{F42D82AF-6082-437E-A153-E4BA3A9452DA}C:\program files\dgp1000\note manager.exe" = protocol=17 | dir=in | app=c:\program files\dgp1000\note manager.exe |
"UDP Query User{F89D4BAB-DDA8-4D82-8AE9-8DF2E89AAEC9}C:\users\****\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0281B504-85AC-4041-9E16-D10AA814D69D}" = iSpy
"{188F5452-6C4E-4CA9-8E57-CF72E5331D2B}" = Note Manager Software
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{408CD2E8-3977-449B-8102-76F158D4885F}" = Oracle VM VirtualBox 4.0.4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{53B0213C-CC0C-4340-90BF-BFC7D3FE5BB4}" = QuickMark
"{556C14EF-56D1-4EC1-B886-CA36B8AE6E66}" = StarMoney 6.0
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DC36978-AB9A-4A23-9C12-D90D2BB781B7}" = AVM FRITZ!Fernzugang
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7235252A-39A3-4889-AF58-18B82040310E}" = AVEO USB2.0 PC Camera
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{843DECF5-2CCA-49EA-AFB9-612388EB1A80}" = mh-tools
"{8732F9DD-0E44-4F8A-B460-A0B769AB1C13}" = calibre
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{94FA9FA6-5294-494D-A8F1-1E654CBB5736}" = Epson Easy Photo Print 2
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00F8237-F496-44D2-0001-E3CCF8CD58AE}" = Photomizer
"{A62F50D4-EED7-4417-A382-E89ABCF11BAC}" = SketchUp DWG Importer
"{A82E3AFE-0BD9-4A17-9A58-9112B5C679C5}" = MyScript Notes Lite
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF5B3ED5-70D3-48CF-A00F-FC29F5261A37}_is1" = JFritz 0.7.4.1
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = eMedia fortgeschrittene Keyboard-Schule
"{B4E10F9C-AB1E-4204-8700-A01C8490A149}" = KOMPAS-3D LT V8 Plus
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BEF106F8-2689-4530-925A-E1117836E8CD}" = Google SketchUp 7
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DAB4E2E7-5E5C-499F-A533-303AAD4C8981}" = WiiGSC
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam AC-140
"{FA761F4B-F2C3-4D07-9A44-BEEA137C6291}" = WISO Bau & Kauf Planung
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFCB1B04-5B1C-4A17-AA60-CA6F00BA50F9}" = StarMoney
"1&1 MultiMessenger" = 1&1 MultiMessenger
"7-Zip" = 7-Zip 4.65
"ABBYY FineReader 10.0.102.109" = ABBYY FineReader 10.0.102.109
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any DWG DXF Converter_is1" = Any DWG DXF Converter 2010
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"AVIConverter" = AVIConverter 4.0.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Camtasia Studio 3" = Camtasia Studio 3
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"DaumenkinoDruck" = Daumenkino - Druckmaschine
"DivX Setup.divx.com" = DivX-Setup
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.6
"Duplicate Cleaner" = Duplicate Cleaner 2.1b
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"FileEdit" = FileEdit 0.01.817
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FileZilla Client" = FileZilla Client 3.3.1
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.14.627
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"GPL Ghostscript 9.04" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Inkscape" = Inkscape 0.48.1
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"IrfanView" = IrfanView (remove only)
"IsoViewX30Uc" = ITEDO IsoView ActiveX Control 3.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"LHTTSENG" = L&H TTS3000 British English
"LHTTSGED" = L&H TTS3000 Deutsch
"LiveUSB Creator" = LiveUSB Creator (remove only)
"LoqTTS-Stefan_is1" = Loquendo TTS: Stefan (German)
"LoqTTS-Ulrike_is1" = Loquendo TTS: Ulrike (German)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MARKEMENT_DEFRAG_PRO_is1" = PCSUITE DEFRAG
"MAXTAXDel" = eurowin maxtax
"Micam-1.4_is1" = Micam 1.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Notepad++" = Notepad++
"Organizer V97.1" = Lotus Organizer 97 GS
"PCSUITE_INSPECTOR_PRO_is1" = PCSUITE INSPECTOR
"pepakura_designer3en" = Pepakura Designer 3
"PhotoStitch" = Canon Utilities PhotoStitch
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"QuickTime" = QuickTime
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ROM Papyrus Autor" = Papyrus Autor 14.01
"Shockwave" = Shockwave
"TomTom HOME" = TomTom HOME 2.8.2.2264
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.5
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.4.2
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.9
"WISO Bau & Kauf Finanzierung" = WISO Bau & Kauf Finanzierung
"Workshop Information System - WIS" = Workshop Information System - WIS
"XMind" = XMind
"XnView_is1" = XnView 1.98.2
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"ZUB®-Bauteilkalkulator_is1" = ZUB®-Bauteilkalkulator 1.2.0.20
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3968005663-3115476455-970186232-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NiedersachsenViewer Plus" = NiedersachsenViewer Plus
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 21.03.2013 16:33:12 | Computer Name = Lenovo | Source = DCOM | ID = 10010
Description =
< End of report >
Mfg civil |
|
22.03.2013, 12:32
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mehrere Rechner im Heimnetzwerk, wo beginnen ?Zitat:
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner? Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.03.2013, 19:27
| #15 | |
| | mehrere Rechner im Heimnetzwerk, wo beginnen ? Hallo, Eset hat etwas gebraucht, daher hat es etwas gedauert. Zitat:
Hier der Log von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.22.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16521 **** :: LENOVO [Administrator] Schutz: Deaktiviert 22.03.2013 16:42:00 mbam-log-2013-03-22 (16-42-00).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 252417 Laufzeit: 6 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=68f69775a654594e85a2e96bd52821ab
# engine=13461
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-23 01:31:59
# local_time=2013-03-23 02:31:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 75374 229468809 68130 0
# compatibility_mode=5893 16776573 100 94 89933 115676710 0 0
# scanned=498659
# found=18
# cleaned=0
# scan_time=67628
sh=A0C45CD8429B65F654E8FAB829CE381763A7A115 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.DYXWUMY trojan" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-4fe01eb1"
sh=83CEA41E9618E6768EFC247070A189D20279C104 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="H:\LENOVO\Backup Set 2011-11-07 010033\Backup Files 2011-11-07 010033\Backup files 5.zip"
sh=26D46937C60C2E02B8EFCDDA79400BF849907550 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="H:\LENOVO\Backup Set 2012-06-18 010005\Backup Files 2012-07-12 203441\Backup files 1.zip"
sh=B8BA46A601735AE72888CAE644E601E16F010695 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="H:\LENOVO\Backup Set 2012-07-16 010011\Backup Files 2012-07-16 010011\Backup files 3.zip"
sh=E720ACC1E17EF9C92426808E48C646F24EA90B4F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NEO trojan" ac=I fn="H:\LENOVO\Backup Set 2012-08-20 010016\Backup Files 2012-09-03 010006\Backup files 1.zip"
sh=7B859D4C39694F9128D5DBC284CD50B30B109C4C ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\LENOVO\Backup Set 2012-09-24 010031\Backup Files 2012-09-24 010031\Backup files 4.zip"
sh=44AC6E761F8233A01CD5C327055115241DBE80B4 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\LENOVO\Backup Set 2012-10-29 010026\Backup Files 2012-10-29 010026\Backup files 5.zip"
sh=D89CEE96CEFD4F3BB048FA8D675C58D7D023B3AA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\LENOVO\Backup Set 2012-11-19 010002\Backup Files 2012-11-19 010002\Backup files 4.zip"
sh=0339B54736B0CB95D2189A44CD35A80648510121 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\LENOVO\Backup Set 2012-12-17 010002\Backup Files 2012-12-17 010002\Backup files 6.zip"
sh=0A63C3FA7DD2B9A6706ABCC4CEE5A76EA5975F20 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\LENOVO\Backup Set 2013-01-14 010002\Backup Files 2013-01-14 010002\Backup files 4.zip"
sh=1B458F04003F155F35623458D3D6D313C3C5B2AC ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\LENOVO\Backup Set 2013-02-11 010004\Backup Files 2013-02-11 010004\Backup files 6.zip"
sh=FC05DEEFBF0C211A999BB77FF8281F30354E3661 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\LENOVO\Backup Set 2013-03-04 010003\Backup Files 2013-03-04 010003\Backup files 5.zip"
sh=846EC3E43389851206846CDBF0A3084377C911CF ft=0 fh=0000000000000000 vn="Win32/Kapucen.B worm" ac=I fn="I:\UNSORTIERT\update-cd.zip"
sh=555A3C93BE78FD539A7C877193DE01F75D417E3F ft=0 fh=0000000000000000 vn="Win32/Kapucen.E worm" ac=I fn="I:\UNSORTIERT\karten.rar"
sh=9BB948F84F96ECECFCA300B3E7EF86A280776BF2 ft=0 fh=0000000000000000 vn="a variant of Win32/Agent.WRY trojan" ac=I fn="I:\UNSORTIERT\atari cdrom.zip"
sh=67FCB7EF68259D19C2C9BECE8099ED39B69094D1 ft=0 fh=0000000000000000 vn="Win16/Flooder.ICMP.ICMPBomb.A trojan" ac=I fn="I:\UNSORTIERT\TKR_isdn modem fax office SNr 0518bd016319.iso"
sh=6BEC551908FF250815814D1B03FF13B3C6957CD5 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\LENOVO\Backup Set 2010-04-19 073254\Backup Files 2010-04-19 073254\Backup files 2.zip"
sh=DEB7E7FE1EEE04271D33E0FEC9F54A1B1B3D404B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\LENOVO\Backup Set 2010-05-03 010553\Backup Files 2010-05-03 010553\Backup files 2.zip"
Was mich aber wundert ist der Befall von "TKR_isdn modem fax office SNr 0518bd016319.iso", das ist eine Kopie von einer alten Original CD meiner Modemsoftware, die ist von Mitte der 1990er, da hatte ich noch einen Atari F030, entweder ist das uralte Schadsoftware oder die wurde beim erzeugen der ISO befallen ?! Im Ordner "I:\UNSORTIERT\" habe ich immer mal Treiber- und Software CDs meiner anderen (alten) Rechner zusammenkopiert, damit ich die CDs entsorgen kann. Mfg civil |
|
| Themen zu mehrere Rechner im Heimnetzwerk, wo beginnen ? |
| adware, aktuelle, anderen, anleitung, antivir, entfernen, firefox, firewall, fritzbox, gen, heimnetzwerk, javascript, keine viren, malwarebytes, mehrere rechner, neu, notebook, plugins, problem, rechner, superantispyware, tan, viren, voll, welchem, win, win7pro, windows, windows firewall |
Linear-Darstellung
