Pests of all kinds and how to fight them: Virus after installing "hdplugin_firefox.exe" - Office and other programs deleted? (Windows 7)
17.03.2013, 20:38 | #1

Hello,

I have the following problem: on a streaming site I downloaded and installed the plugin "hdplugin_firefox.exe". That was not very smart, I know that now too.

The following happened:

- First, all running programs closed, the computer started working really hard and the desktop froze. After a forced shutdown by pressing the power button I tried to boot into safe mode, but here too the desktop froze after booting.
- 2 days later I booted the computer again, this time normally, and at first everything looked fine. I ran a virus scan with avast and it found 46 viruses, which all look roughly like this: After a little research I found out that these are often false positives as well. So I ran another scan with "Malwarebytes Anti-Malware", which this time found nothing.

The following problems occur:

- When I try to open them from the Start menu, all Office products give the message "Der Vorgang ist nur für Produkte zulässig, die zurzeit installiert sind" ("This action is only valid for products that are currently installed"). The folder in which Office was installed is almost empty.
- In the Control Panel only about 15 of what should be about 100 programs are still listed, but I can still open and use the programs that are no longer listed (with the exception of the Office products).

Scan results

I ran Defogger (I use Daemon Tools) and have now also run the OTL and GMER scans. Here are the results:

#OTL hxxp://www.xup.in/dl,10807976/OTL.Txt/
#Extras hxxp://www.xup.in/dl,17640144/Extras.Txt/
#GMER hxxp://www.xup.in/dl,19782411/GMER_17_03_13.log/

I could not paste the contents into the text because it would have been too long; I hope it is OK if I link them. If not, please tell me how else I should upload them.

As you may see, because of my work I use a great many programs and also network connections, which would make reinstalling the system VERY laborious.

Here is my system information as well:

Fujitsu Lifebook A Series
Windows 7 64-bit
Intel Core i5 2.67 GHz

One more thing: I cannot rule out 100% that there is a crack or keygen on the computer. If there is, the files are at least 4 years old and therefore probably have hardly anything to do with the current problem. If something turns up anywhere, I can of course delete the files immediately.

So, thank you very much for reading; I would be really grateful if someone could help me.

Noodlz
18.03.2013, 12:47 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello,

if the logs are too large, please pack all logs together into a single ZIP file and post it here as an attachment, see http://www.trojaner-board.de/69886-a...tml#post566999
18.03.2013, 13:27 | #3

All right, here are the logs as a .zip

Attachment 51790
18.03.2013, 13:56 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs that already exist!

__________________
Please always post log files in CODE tags
18.03.2013, 19:09 | #5

No, as I said, Malwarebytes found nothing, and I already posted the one from Avast above. I would post the complete one too, but that only works via screenshots; I cannot export a txt or anything like that.

I have now found out that this apparently is (probably among others) the coupondropdown virus. It looks roughly like this: (on mouseover over "enthalten" in the first line)
18.03.2013, 23:29 | #6
/// Winkelfunktion /// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: If you do not hear from me for three days, please report in this thread => Erinnerung an meinem Thread. Annoying "when does it continue" messages end with your topic being closed. I, too, have a life outside Trojaner-Board.

Now please run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags.

MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

Do not start any other file in this folder without instructions from a helper.

aswMBR

Please download aswMBR.exe and save the file to your desktop.

Important: Under no circumstances press one of the Fix buttons without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
19.03.2013, 13:35 | #7

MBAR

Code:

    Malwarebytes Anti-Rootkit BETA 1.01.0.1021
    www.malwarebytes.org

    Database version: v2013.03.18.15

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Noodlz :: NOODLZ-PC [administrator]

    19.03.2013 01:41:55
    mbar-log-2013-03-19 (01-41-55).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 29934
    Time elapsed: 11 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

Code:

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-03-19 02:44:12
    -----------------------------
    02:44:12.467 OS Version: Windows x64 6.1.7601 Service Pack 1
    02:44:12.468 Number of processors: 4 586 0x2505
    02:44:12.469 ComputerName: NOODLZ-PC UserName: Noodlz
    02:44:12.986 Initialize success
    02:44:13.043 AVAST engine defs: 13031800
    02:45:50.293 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    02:45:50.298 Disk 0 Vendor: ST1000LM 2AR1 Size: 953869MB BusType: 3
    02:45:50.433 Disk 0 MBR read successfully
    02:45:50.437 Disk 0 MBR scan
    02:45:50.442 Disk 0 Windows 7 default MBR code
    02:45:50.447 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 82020 MB offset 2048
    02:45:50.523 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 871848 MB offset 167979008
    02:45:50.556 Disk 0 scanning C:\Windows\system32\drivers
    02:46:01.811 Service scanning
    02:46:21.792 Modules scanning
    02:46:21.804 Disk 0 trace - called modules:
    02:46:21.839 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
    02:46:21.846 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b83790]
    02:46:22.179 3 CLASSPNP.SYS[fffff88001a3943f] -> nt!IofCallDriver -> [0xfffffa8004a5f950]
    02:46:22.184 5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b86050]
    02:46:22.617 AVAST engine scan C:\Windows
    02:46:24.359 AVAST engine scan C:\Windows\system32
    02:49:01.649 AVAST engine scan C:\Windows\system32\drivers
    02:49:15.296 AVAST engine scan C:\Users\Noodlz
    02:54:52.399 AVAST engine scan C:\ProgramData
    02:56:11.358 Scan finished successfully
    08:31:25.524 Disk 0 MBR has been saved successfully to "C:\Users\Noodlz\Desktop\Virenbekämpfung\MBR.dat"
    08:31:25.532 The log file has been saved successfully to "C:\Users\Noodlz\Desktop\Virenbekämpfung\aswMBR.txt"

TDSSKiller

Code:
12:17:49.0590 3260 lltdio - ok 12:17:49.0626 3260 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:17:49.0737 3260 lltdsvc - ok 12:17:49.0754 3260 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 12:17:49.0801 3260 lmhosts - ok 12:17:49.0870 3260 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 12:17:49.0892 3260 LMS ( UnsignedFile.Multi.Generic ) - warning 12:17:49.0892 3260 LMS - detected UnsignedFile.Multi.Generic (1) 12:17:49.0936 3260 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 12:17:49.0957 3260 LSI_FC - ok 12:17:49.0971 3260 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 12:17:49.0991 3260 LSI_SAS - ok 12:17:50.0027 3260 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:17:50.0041 3260 LSI_SAS2 - ok 12:17:50.0065 3260 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:17:50.0080 3260 LSI_SCSI - ok 12:17:50.0111 3260 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 12:17:50.0164 3260 luafv - ok 12:17:50.0216 3260 [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter C:\Windows\system32\drivers\massfilter.sys 12:17:50.0247 3260 massfilter - ok 12:17:50.0281 3260 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 12:17:50.0307 3260 Mcx2Svc - ok 12:17:50.0334 3260 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 12:17:50.0354 3260 megasas - ok 12:17:50.0373 3260 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 12:17:50.0401 3260 MegaSR - ok 12:17:50.0438 3260 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 12:17:50.0555 3260 MMCSS - ok 12:17:50.0581 3260 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 
12:17:50.0631 3260 Modem - ok 12:17:50.0686 3260 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:17:50.0716 3260 monitor - ok 12:17:50.0753 3260 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 12:17:50.0774 3260 mouclass - ok 12:17:50.0806 3260 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:17:50.0838 3260 mouhid - ok 12:17:50.0890 3260 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 12:17:50.0907 3260 mountmgr - ok 12:17:50.0936 3260 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 12:17:50.0954 3260 mpio - ok 12:17:50.0970 3260 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:17:51.0030 3260 mpsdrv - ok 12:17:51.0064 3260 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 12:17:51.0130 3260 MpsSvc - ok 12:17:51.0158 3260 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:17:51.0207 3260 MRxDAV - ok 12:17:51.0234 3260 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:17:51.0263 3260 mrxsmb - ok 12:17:51.0283 3260 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:17:51.0303 3260 mrxsmb10 - ok 12:17:51.0311 3260 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:17:51.0339 3260 mrxsmb20 - ok 12:17:51.0354 3260 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 12:17:51.0369 3260 msahci - ok 12:17:51.0384 3260 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 12:17:51.0400 3260 msdsm - ok 12:17:51.0413 3260 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 12:17:51.0430 3260 MSDTC - ok 12:17:51.0467 3260 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 
12:17:51.0541 3260 Msfs - ok 12:17:51.0558 3260 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:17:51.0610 3260 mshidkmdf - ok 12:17:51.0623 3260 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:17:51.0635 3260 msisadrv - ok 12:17:51.0670 3260 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:17:51.0726 3260 MSiSCSI - ok 12:17:51.0729 3260 msiserver - ok 12:17:51.0754 3260 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:17:51.0801 3260 MSKSSRV - ok 12:17:51.0817 3260 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:17:51.0868 3260 MSPCLOCK - ok 12:17:51.0886 3260 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:17:51.0930 3260 MSPQM - ok 12:17:51.0961 3260 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:17:51.0978 3260 MsRPC - ok 12:17:52.0005 3260 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 12:17:52.0016 3260 mssmbios - ok 12:17:52.0096 3260 MSSQL$SQLEXPRESS - ok 12:17:52.0126 3260 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe 12:17:52.0142 3260 MSSQLServerADHelper - ok 12:17:52.0172 3260 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:17:52.0235 3260 MSTEE - ok 12:17:52.0245 3260 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 12:17:52.0265 3260 MTConfig - ok 12:17:52.0280 3260 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 12:17:52.0290 3260 Mup - ok 12:17:52.0423 3260 [ 68C5321CBC7BE2FA7278809A2D6544D0 ] mxssvr D:\Programme\LabVIEW\MAX\nimxs.exe 12:17:52.0442 3260 mxssvr - ok 12:17:52.0475 3260 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 
12:17:52.0560 3260 napagent - ok 12:17:52.0593 3260 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:17:52.0614 3260 NativeWifiP - ok 12:17:52.0667 3260 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 12:17:52.0697 3260 NDIS - ok 12:17:52.0729 3260 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 12:17:52.0773 3260 NdisCap - ok 12:17:52.0801 3260 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:17:52.0850 3260 NdisTapi - ok 12:17:52.0883 3260 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:17:52.0940 3260 Ndisuio - ok 12:17:52.0974 3260 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:17:53.0047 3260 NdisWan - ok 12:17:53.0082 3260 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:17:53.0142 3260 NDProxy - ok 12:17:53.0174 3260 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:17:53.0228 3260 NetBIOS - ok 12:17:53.0264 3260 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 12:17:53.0312 3260 NetBT - ok 12:17:53.0336 3260 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 12:17:53.0350 3260 Netlogon - ok 12:17:53.0372 3260 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 12:17:53.0432 3260 Netman - ok 12:17:53.0489 3260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:17:53.0511 3260 NetMsmqActivator - ok 12:17:53.0517 3260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:17:53.0529 3260 NetPipeActivator - ok 12:17:53.0548 3260 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 12:17:53.0612 3260 netprofm - ok 
12:17:53.0633 3260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:17:53.0644 3260 NetTcpActivator - ok 12:17:53.0647 3260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:17:53.0657 3260 NetTcpPortSharing - ok 12:17:53.0696 3260 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 12:17:53.0720 3260 nfrd960 - ok 12:17:53.0842 3260 [ 2FADAD2DED79972C0B25570394AA519C ] NIApplicationWebServer D:\Programme\LabVIEW\Shared\NI WebServer\ApplicationWebServer.exe 12:17:53.0860 3260 NIApplicationWebServer - ok 12:17:53.0950 3260 [ B441512CE5E25B4DFF66AC5014F31EDF ] NIApplicationWebServer64 C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe 12:17:53.0970 3260 NIApplicationWebServer64 - ok 12:17:54.0048 3260 [ 62E7B5EF6BEC714BC200C661BA940F54 ] NIDomainService D:\Programme\LabVIEW\Shared\Security\nidmsrv.exe 12:17:54.0075 3260 NIDomainService - ok 12:17:54.0199 3260 [ AA8896BCD689851665EFC02DC41181AC ] NILM License Manager D:\Programme\LabVIEW\Shared\License Manager\Bin\lmgrd.exe 12:17:54.0254 3260 NILM License Manager - ok 12:17:54.0331 3260 [ 902A9B8EC25EAC8C8DD5594F5866F80C ] nimDNSResponder D:\Programme\LabVIEW\Shared\mDNS Responder\nimdnsResponder.exe 12:17:54.0356 3260 nimDNSResponder - ok 12:17:54.0419 3260 [ DF0AB139C5C5ADEF39A88D7FE51F0CB4 ] NINetworkDiscovery D:\Programme\LabVIEW\Shared\NI Network Discovery\niDiscSvc.exe 12:17:54.0442 3260 NINetworkDiscovery - ok 12:17:54.0475 3260 [ D66D5FCC4911646347F9F5CD8C3F0000 ] niSvcLoc D:\Programme\LabVIEW\Shared\NI WebServer\SystemWebServer.exe 12:17:54.0494 3260 niSvcLoc - ok 12:17:54.0564 3260 [ 30B05E4E963E663E2A7D110048FD1A02 ] NITaggerService D:\Programme\LabVIEW\Shared\Tagger\tagsrv.exe 12:17:54.0597 3260 NITaggerService - ok 12:17:54.0636 3260 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc 
C:\Windows\System32\nlasvc.dll 12:17:54.0678 3260 NlaSvc - ok 12:17:54.0728 3260 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 12:17:54.0766 3260 Npfs - ok 12:17:54.0790 3260 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 12:17:54.0836 3260 nsi - ok 12:17:54.0846 3260 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 12:17:54.0896 3260 nsiproxy - ok 12:17:54.0951 3260 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 12:17:54.0995 3260 Ntfs - ok 12:17:55.0006 3260 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 12:17:55.0055 3260 Null - ok 12:17:55.0087 3260 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 12:17:55.0100 3260 nvraid - ok 12:17:55.0112 3260 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 12:17:55.0126 3260 nvstor - ok 12:17:55.0164 3260 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 12:17:55.0189 3260 nv_agp - ok 12:17:55.0256 3260 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 12:17:55.0289 3260 odserv - ok 12:17:55.0324 3260 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 12:17:55.0361 3260 ohci1394 - ok 12:17:55.0451 3260 [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service D:\Programme\Sony Ericsson PC Suite\SupServ.exe 12:17:55.0476 3260 OMSI download service ( UnsignedFile.Multi.Generic ) - warning 12:17:55.0476 3260 OMSI download service - detected UnsignedFile.Multi.Generic (1) 12:17:55.0533 3260 [ 4B46978A6C6793312E39E0A41496E75E ] OpcEnum C:\Windows\SysWOW64\Opcenum.exe 12:17:55.0557 3260 OpcEnum - ok 12:17:55.0591 3260 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:17:55.0606 3260 ose - ok 
12:17:55.0701 3260 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 12:17:55.0749 3260 p2pimsvc - ok 12:17:55.0792 3260 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 12:17:55.0840 3260 p2psvc - ok 12:17:55.0876 3260 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 12:17:55.0913 3260 Parport - ok 12:17:55.0942 3260 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 12:17:55.0962 3260 partmgr - ok 12:17:56.0007 3260 [ 8F873BD8188ED208922CAE9B79DD6A35 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 12:17:56.0016 3260 PassThru Service ( UnsignedFile.Multi.Generic ) - warning 12:17:56.0016 3260 PassThru Service - detected UnsignedFile.Multi.Generic (1) 12:17:56.0031 3260 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 12:17:56.0086 3260 PcaSvc - ok 12:17:56.0108 3260 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 12:17:56.0122 3260 pci - ok 12:17:56.0152 3260 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 12:17:56.0165 3260 pciide - ok 12:17:56.0188 3260 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 12:17:56.0204 3260 pcmcia - ok 12:17:56.0220 3260 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 12:17:56.0232 3260 pcw - ok 12:17:56.0258 3260 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 12:17:56.0320 3260 PEAUTH - ok 12:17:56.0342 3260 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 12:17:56.0367 3260 PerfHost - ok 12:17:56.0422 3260 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 12:17:56.0494 3260 pla - ok 12:17:56.0527 3260 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 12:17:56.0564 3260 PlugPlay - ok 12:17:56.0578 3260 [ 
7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 12:17:56.0601 3260 PNRPAutoReg - ok 12:17:56.0621 3260 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 12:17:56.0640 3260 PNRPsvc - ok 12:17:56.0686 3260 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 12:17:56.0751 3260 PolicyAgent - ok 12:17:56.0777 3260 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 12:17:56.0834 3260 Power - ok 12:17:56.0890 3260 [ 843BA5F09A391D52AC1F8486C5FC3D4F ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe 12:17:56.0908 3260 PowerSavingUtilityService - ok 12:17:56.0940 3260 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 12:17:57.0001 3260 PptpMiniport - ok 12:17:57.0023 3260 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 12:17:57.0065 3260 Processor - ok 12:17:57.0092 3260 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 12:17:57.0137 3260 ProfSvc - ok 12:17:57.0152 3260 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 12:17:57.0168 3260 ProtectedStorage - ok 12:17:57.0210 3260 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 12:17:57.0279 3260 Psched - ok 12:17:57.0353 3260 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 12:17:57.0409 3260 ql2300 - ok 12:17:57.0433 3260 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 12:17:57.0446 3260 ql40xx - ok 12:17:57.0476 3260 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 12:17:57.0506 3260 QWAVE - ok 12:17:57.0533 3260 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:17:57.0567 3260 QWAVEdrv - ok 12:17:57.0581 3260 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd 
C:\Windows\system32\DRIVERS\rasacd.sys 12:17:57.0616 3260 RasAcd - ok 12:17:57.0633 3260 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 12:17:57.0674 3260 RasAgileVpn - ok 12:17:57.0686 3260 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 12:17:57.0723 3260 RasAuto - ok 12:17:57.0750 3260 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 12:17:57.0790 3260 Rasl2tp - ok 12:17:57.0838 3260 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 12:17:57.0899 3260 RasMan - ok 12:17:57.0922 3260 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 12:17:57.0959 3260 RasPppoe - ok 12:17:57.0970 3260 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 12:17:58.0023 3260 RasSstp - ok 12:17:58.0056 3260 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 12:17:58.0100 3260 rdbss - ok 12:17:58.0118 3260 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 12:17:58.0133 3260 rdpbus - ok 12:17:58.0150 3260 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 12:17:58.0212 3260 RDPCDD - ok 12:17:58.0241 3260 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 12:17:58.0285 3260 RDPENCDD - ok 12:17:58.0290 3260 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 12:17:58.0333 3260 RDPREFMP - ok 12:17:58.0369 3260 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 12:17:58.0396 3260 RDPWD - ok 12:17:58.0443 3260 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 12:17:58.0457 3260 rdyboost - ok 12:17:58.0482 3260 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 12:17:58.0533 3260 RemoteAccess - ok 12:17:58.0565 3260 [ 
E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 12:17:58.0603 3260 RemoteRegistry - ok 12:17:58.0625 3260 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 12:17:58.0660 3260 RFCOMM - ok 12:17:58.0676 3260 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 12:17:58.0727 3260 RpcEptMapper - ok 12:17:58.0741 3260 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 12:17:58.0766 3260 RpcLocator - ok 12:17:58.0796 3260 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 12:17:58.0840 3260 RpcSs - ok 12:17:58.0880 3260 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 12:17:58.0916 3260 rspndr - ok 12:17:58.0943 3260 [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 12:17:58.0969 3260 RSUSBSTOR - ok 12:17:58.0982 3260 RTCore64 - ok 12:17:59.0025 3260 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 12:17:59.0042 3260 RTL8167 - ok 12:17:59.0046 3260 RtsUIR - ok 12:17:59.0086 3260 [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus C:\Windows\system32\DRIVERS\s0016bus.sys 12:17:59.0101 3260 s0016bus - ok 12:17:59.0136 3260 [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl C:\Windows\system32\DRIVERS\s0016mdfl.sys 12:17:59.0149 3260 s0016mdfl - ok 12:17:59.0171 3260 [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm C:\Windows\system32\DRIVERS\s0016mdm.sys 12:17:59.0187 3260 s0016mdm - ok 12:17:59.0214 3260 [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt C:\Windows\system32\DRIVERS\s0016mgmt.sys 12:17:59.0230 3260 s0016mgmt - ok 12:17:59.0247 3260 [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5 C:\Windows\system32\DRIVERS\s0016nd5.sys 12:17:59.0259 3260 s0016nd5 - ok 12:17:59.0289 3260 [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex C:\Windows\system32\DRIVERS\s0016obex.sys 12:17:59.0302 3260 s0016obex - ok 12:17:59.0327 3260 [ 
EB267CCEA84E6E8598D92F73332AC67B ] s0016unic C:\Windows\system32\DRIVERS\s0016unic.sys 12:17:59.0341 3260 s0016unic - ok 12:17:59.0375 3260 [ 032F537623A7B2FB81AAA184C30B70C3 ] s0017bus C:\Windows\system32\DRIVERS\s0017bus.sys 12:17:59.0390 3260 s0017bus - ok 12:17:59.0417 3260 [ 9964A28E569B4FF105B446EF8978FD5C ] s0017mdfl C:\Windows\system32\DRIVERS\s0017mdfl.sys 12:17:59.0430 3260 s0017mdfl - ok 12:17:59.0443 3260 [ 06347087D274C23DCFA8C4AB5C4314DB ] s0017mdm C:\Windows\system32\DRIVERS\s0017mdm.sys 12:17:59.0460 3260 s0017mdm - ok 12:17:59.0479 3260 [ F0F0747B3FA50272DE6B1BF575FA4700 ] s0017mgmt C:\Windows\system32\DRIVERS\s0017mgmt.sys 12:17:59.0496 3260 s0017mgmt - ok 12:17:59.0513 3260 [ 7224412CEA2FF2DF7D4842C1B0E71045 ] s0017nd5 C:\Windows\system32\DRIVERS\s0017nd5.sys 12:17:59.0526 3260 s0017nd5 - ok 12:17:59.0539 3260 [ 3FEADBC7F09B8B596CBFB82F12ABA87F ] s0017obex C:\Windows\system32\DRIVERS\s0017obex.sys 12:17:59.0555 3260 s0017obex - ok 12:17:59.0571 3260 [ 2B63BEA31D939888B2A8F3F14D89B5C1 ] s0017unic C:\Windows\system32\DRIVERS\s0017unic.sys 12:17:59.0588 3260 s0017unic - ok 12:17:59.0604 3260 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 12:17:59.0622 3260 SamSs - ok 12:17:59.0645 3260 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 12:17:59.0657 3260 sbp2port - ok 12:17:59.0684 3260 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 12:17:59.0723 3260 SCardSvr - ok 12:17:59.0747 3260 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 12:17:59.0815 3260 scfilter - ok 12:17:59.0858 3260 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 12:17:59.0929 3260 Schedule - ok 12:17:59.0967 3260 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 12:18:00.0015 3260 SCPolicySvc - ok 12:18:00.0040 3260 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 
12:18:00.0062 3260 SDRSVC - ok 12:18:00.0094 3260 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 12:18:00.0148 3260 secdrv - ok 12:18:00.0173 3260 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 12:18:00.0219 3260 seclogon - ok 12:18:00.0258 3260 [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys 12:18:00.0272 3260 seehcri - ok 12:18:00.0297 3260 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 12:18:00.0348 3260 SENS - ok 12:18:00.0362 3260 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 12:18:00.0375 3260 SensrSvc - ok 12:18:00.0397 3260 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 12:18:00.0416 3260 Serenum - ok 12:18:00.0439 3260 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 12:18:00.0467 3260 Serial - ok 12:18:00.0501 3260 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 12:18:00.0531 3260 sermouse - ok 12:18:00.0569 3260 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 12:18:00.0652 3260 SessionEnv - ok 12:18:00.0673 3260 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 12:18:00.0708 3260 sffdisk - ok 12:18:00.0718 3260 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 12:18:00.0738 3260 sffp_mmc - ok 12:18:00.0746 3260 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 12:18:00.0774 3260 sffp_sd - ok 12:18:00.0788 3260 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 12:18:00.0801 3260 sfloppy - ok 12:18:00.0839 3260 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 12:18:00.0908 3260 SharedAccess - ok 12:18:00.0945 3260 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection 
C:\Windows\System32\shsvcs.dll 12:18:00.0988 3260 ShellHWDetection - ok 12:18:01.0014 3260 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:18:01.0025 3260 SiSRaid2 - ok 12:18:01.0053 3260 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 12:18:01.0066 3260 SiSRaid4 - ok 12:18:01.0135 3260 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 12:18:01.0160 3260 SkypeUpdate - ok 12:18:01.0195 3260 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 12:18:01.0252 3260 Smb - ok 12:18:01.0290 3260 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 12:18:01.0326 3260 SNMPTRAP - ok 12:18:01.0375 3260 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe 12:18:01.0384 3260 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning 12:18:01.0384 3260 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1) 12:18:01.0444 3260 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe 12:18:01.0460 3260 Sony PC Companion - ok 12:18:01.0497 3260 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys 12:18:01.0523 3260 speedfan - ok 12:18:01.0540 3260 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 12:18:01.0555 3260 spldr - ok 12:18:01.0586 3260 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 12:18:01.0637 3260 Spooler - ok 12:18:01.0722 3260 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 12:18:01.0831 3260 sppsvc - ok 12:18:01.0853 3260 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 12:18:01.0896 3260 sppuinotify - ok 12:18:02.0015 3260 [ 791227582A5070BD78B7E05285D13446 ] 
SProtection C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe 12:18:02.0079 3260 SProtection - ok 12:18:02.0135 3260 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 12:18:02.0160 3260 SQLBrowser - ok 12:18:02.0213 3260 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 12:18:02.0231 3260 SQLWriter - ok 12:18:02.0265 3260 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 12:18:02.0292 3260 srv - ok 12:18:02.0320 3260 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 12:18:02.0346 3260 srv2 - ok 12:18:02.0356 3260 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 12:18:02.0384 3260 srvnet - ok 12:18:02.0427 3260 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 12:18:02.0457 3260 ssadbus - ok 12:18:02.0479 3260 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 12:18:02.0497 3260 ssadmdfl - ok 12:18:02.0522 3260 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 12:18:02.0549 3260 ssadmdm - ok 12:18:02.0591 3260 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys 12:18:02.0624 3260 ssadserd - ok 12:18:02.0650 3260 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 12:18:02.0717 3260 SSDPSRV - ok 12:18:02.0737 3260 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 12:18:02.0775 3260 SstpSvc - ok 12:18:02.0813 3260 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 12:18:02.0838 3260 ssudmdm - ok 12:18:02.0855 3260 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 12:18:02.0877 3260 stexstor - ok 12:18:02.0926 3260 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 
12:18:10.0037 3260 ================ Scan global ===============================
12:18:10.0179 3260 [Global] - ok
12:18:10.0180 3260 ================ Scan MBR ==================================
12:18:10.0436 3260 \Device\Harddisk0\DR0 - ok
12:18:10.0437 3260 ================ Scan VBR ==================================
12:18:10.0443 3260 \Device\Harddisk0\DR0\Partition1 - ok
12:18:10.0480 3260 \Device\Harddisk0\DR0\Partition2 - ok
12:18:10.0481 3260 ============================================================
12:18:10.0481 3260 Scan finished
12:18:10.0481 3260 ============================================================
12:18:10.0496 3396 Detected object count: 8
12:18:10.0496 3396 Actual detected object count: 8
12:18:35.0876 3396 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0876 3396 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:35.0878 3396 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0878 3396 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:35.0880 3396 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0880 3396 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:35.0881 3396 OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0881 3396 OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:35.0884 3396 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0884 3396 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:35.0886 3396 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0886 3396 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:35.0888 3396 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0888 3396 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:35.0889 3396 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:35.0890 3396 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:38.0222 5976 Deinitialize success |
19.03.2013, 13:57 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus after installing "hdplugin_firefox.exe" - Office and other programs deleted? Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
19.03.2013, 15:58 | #9 |
| Virus after installing "hdplugin_firefox.exe" - Office and other programs deleted? Log from Combofix. Combofix logfile: Code:
ATTFilter ComboFix 13-03-19.01 - Noodlz 19.03.2013 15:27:00.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3957.2036 [GMT 1:00] ausgeführt von:: c:\users\Noodlz\Desktop\Virenbekõmpfung\Programme\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Windows Live\Messenger\msacm32.dll c:\programdata\hpe736A.dll c:\windows\SysWow64\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-19 bis 2013-03-19 )))))))))))))))))))))))))))))) . . 2013-03-19 14:37 . 2013-03-19 14:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-18 20:46 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD4EB2CD-886F-4B46-9DC8-0E98E4633AD8}\mpengine.dll 2013-03-17 16:13 . 2013-03-17 16:13 -------- d-----w- c:\users\Noodlz\AppData\Roaming\Malwarebytes 2013-03-17 16:13 . 2013-03-17 16:13 -------- d-----w- c:\programdata\Malwarebytes 2013-03-17 16:13 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-16 11:33 . 2013-02-02 07:31 17815040 ----a-w- c:\windows\system32\mshtml.dll 2013-03-16 11:33 . 2013-02-02 06:58 10925568 ----a-w- c:\windows\system32\ieframe.dll 2013-03-14 01:11 . 2013-03-14 01:11 -------- d-----w- c:\programdata\Iminent 2013-03-14 01:11 . 2013-03-14 01:11 -------- d-----w- c:\program files (x86)\Common Files\Umbrella 2013-03-14 01:11 . 2013-03-14 01:11 -------- d-----w- c:\program files (x86)\Iminent 2013-03-14 01:10 . 2013-03-19 14:17 -------- d-----w- c:\users\Noodlz\AppData\Roaming\Yontoo 2013-03-14 01:10 . 2013-03-14 01:10 -------- d-----w- c:\program files (x86)\Yontoo 2013-03-14 01:10 . 
2013-03-14 01:10 -------- d-----w- c:\programdata\Tarma Installer 2013-03-14 01:10 . 2013-03-14 01:10 -------- d-----w- c:\program files (x86)\Movie2KDownloader.com 2013-03-14 01:10 . 2013-03-14 01:10 -------- d-----w- c:\program files (x86)\hdvidcodec.com 2013-03-13 03:12 . 2013-03-13 03:12 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-03-05 10:38 . 2013-03-05 10:37 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-24 21:40 . 1999-12-17 07:13 86016 ----a-w- c:\windows\unvise32.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-16 11:35 . 2011-04-17 20:50 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 03:12 . 2012-04-10 07:54 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 03:12 . 2011-05-26 14:33 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-05 10:37 . 2012-09-07 07:39 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-03-05 10:37 . 2011-05-11 11:23 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-17 00:28 . 2011-04-07 09:37 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-05 05:53 . 2013-02-13 06:42 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-13 06:42 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-13 06:42 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-13 06:42 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-13 06:42 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-13 06:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-13 06:42 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-13 06:42 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-13 06:42 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 
2013-02-13 06:42 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-13 06:42 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-13 06:42 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-13 06:42 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-04-14 04:37 252832 ----a-w- c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2013-03-13 21:26 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Mount Point Overlay (32-bit)] @="{DC515C27-6CAC-11D1-BAE7-00C04FD140D2}" [HKEY_CLASSES_ROOT\CLSID\{DC515C27-6CAC-11D1-BAE7-00C04FD140D2}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Symlink Overlay (32-bit)] @="{DC515C27-6CAC-11D1-BAE7-00C04FD140D3}" [HKEY_CLASSES_ROOT\CLSID\{DC515C27-6CAC-11D1-BAE7-00C04FD140D3}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NIRegistrationWizard"="d:\programme\LabVIEW\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520] "Yontoo Desktop"="c:\users\Noodlz\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-03-13 42784] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "StartCCC"="d:\treiber\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168] "UIExec"="d:\programme\Join Air\UIExec.exe" [2010-04-27 138072] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "PDFPrint"="d:\programme\PDF24\pdf24.exe" [2012-12-12 163000] "NI Update Service"="d:\programme\LabVIEW\Shared\Update Service\NIUpdateService.exe" [2012-06-08 851592] "Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2013-01-25 1074736] "IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2013-01-25 884784] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Network Identity Manager.lnk - c:\program files (x86)\MIT\Kerberos\bin\netidmgr.exe [2007-10-22 442368] NI Error Reporting.lnk - d:\programme\LabVIEW\Shared\NI Error Reporting\nierserver.exe [2012-5-29 659648] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2010-10-11 360448] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MIT_KFW] 2007-10-22 08:32 23040 ----a-w- c:\windows\SysWOW64\kfwlogon.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 OMSI download service;Sony Ericsson OMSI download service;d:\programme\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328] R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-23 1315592] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-06-06 13352] R3 HTCAND64;HTC 
Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-05 11776] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552] R3 RTCore64;RTCore64;d:\programme)\RMClock\RTCore64.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 
(NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-05-22 76488] S1 AFSRedirector;AFSRedirector;c:\windows\system32\DRIVERS\AFSRedir.sys [2012-03-14 92560] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-09 283200] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 NIApplicationWebServer;NI Application Web Server;d:\programme\LabVIEW\Shared\NI WebServer\ApplicationWebServer.exe [2012-05-22 53960] S2 nimDNSResponder;NI mDNS Responder Service;d:\programme\LabVIEW\Shared\mDNS Responder\nimdnsResponder.exe [2012-05-31 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-19 15:52:53 ComboFix-quarantined-files.txt 2013-03-19 14:52 . Vor Suchlauf: 16 Verzeichnis(se), 30.032.510.976 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 31.210.180.608 Bytes frei . - - End Of File - - C536B9C9F9502B28273674A053A0D93F Combofix.txt Combofix Logfile: Code:
ComboFix 13-03-19.01 - Noodlz 19.03.2013 15:27:00.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3957.2036 [GMT 1:00] ausgeführt von:: c:\users\Noodlz\Desktop\Virenbekõmpfung\Programme\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Windows Live\Messenger\msacm32.dll c:\programdata\hpe736A.dll c:\windows\SysWow64\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-19 bis 2013-03-19 )))))))))))))))))))))))))))))) . . 2013-03-19 14:37 . 2013-03-19 14:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-18 20:46 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD4EB2CD-886F-4B46-9DC8-0E98E4633AD8}\mpengine.dll 2013-03-17 16:13 . 2013-03-17 16:13 -------- d-----w- c:\users\Noodlz\AppData\Roaming\Malwarebytes 2013-03-17 16:13 . 2013-03-17 16:13 -------- d-----w- c:\programdata\Malwarebytes 2013-03-17 16:13 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-16 11:33 . 2013-02-02 07:31 17815040 ----a-w- c:\windows\system32\mshtml.dll 2013-03-16 11:33 . 2013-02-02 06:58 10925568 ----a-w- c:\windows\system32\ieframe.dll 2013-03-14 01:11 . 2013-03-14 01:11 -------- d-----w- c:\programdata\Iminent 2013-03-14 01:11 . 2013-03-14 01:11 -------- d-----w- c:\program files (x86)\Common Files\Umbrella 2013-03-14 01:11 . 2013-03-14 01:11 -------- d-----w- c:\program files (x86)\Iminent 2013-03-14 01:10 . 2013-03-19 14:17 -------- d-----w- c:\users\Noodlz\AppData\Roaming\Yontoo 2013-03-14 01:10 . 2013-03-14 01:10 -------- d-----w- c:\program files (x86)\Yontoo 2013-03-14 01:10 .
2013-03-14 01:10 -------- d-----w- c:\programdata\Tarma Installer 2013-03-14 01:10 . 2013-03-14 01:10 -------- d-----w- c:\program files (x86)\Movie2KDownloader.com 2013-03-14 01:10 . 2013-03-14 01:10 -------- d-----w- c:\program files (x86)\hdvidcodec.com 2013-03-13 03:12 . 2013-03-13 03:12 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-03-05 10:38 . 2013-03-05 10:37 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-24 21:40 . 1999-12-17 07:13 86016 ----a-w- c:\windows\unvise32.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-16 11:35 . 2011-04-17 20:50 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 03:12 . 2012-04-10 07:54 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 03:12 . 2011-05-26 14:33 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-05 10:37 . 2012-09-07 07:39 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-03-05 10:37 . 2011-05-11 11:23 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-17 00:28 . 2011-04-07 09:37 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-05 05:53 . 2013-02-13 06:42 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-13 06:42 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-13 06:42 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-13 06:42 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-13 06:42 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-13 06:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-13 06:42 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-13 06:42 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-13 06:42 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 
2013-02-13 06:42 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-13 06:42 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-13 06:42 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-13 06:42 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-04-14 04:37 252832 ----a-w- c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2013-03-13 21:26 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Mount Point Overlay (32-bit)] @="{DC515C27-6CAC-11D1-BAE7-00C04FD140D2}" [HKEY_CLASSES_ROOT\CLSID\{DC515C27-6CAC-11D1-BAE7-00C04FD140D2}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Symlink Overlay (32-bit)] @="{DC515C27-6CAC-11D1-BAE7-00C04FD140D3}" [HKEY_CLASSES_ROOT\CLSID\{DC515C27-6CAC-11D1-BAE7-00C04FD140D3}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NIRegistrationWizard"="d:\programme\LabVIEW\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520] "Yontoo Desktop"="c:\users\Noodlz\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-03-13 42784] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "StartCCC"="d:\treiber\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168] "UIExec"="d:\programme\Join Air\UIExec.exe" [2010-04-27 138072] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "PDFPrint"="d:\programme\PDF24\pdf24.exe" [2012-12-12 163000] "NI Update Service"="d:\programme\LabVIEW\Shared\Update Service\NIUpdateService.exe" [2012-06-08 851592] "Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2013-01-25 1074736] "IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2013-01-25 884784] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Network Identity Manager.lnk - c:\program files (x86)\MIT\Kerberos\bin\netidmgr.exe [2007-10-22 442368] NI Error Reporting.lnk - d:\programme\LabVIEW\Shared\NI Error Reporting\nierserver.exe [2012-5-29 659648] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2010-10-11 360448] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MIT_KFW] 2007-10-22 08:32 23040 ----a-w- c:\windows\SysWOW64\kfwlogon.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 OMSI download service;Sony Ericsson OMSI download service;d:\programme\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328] R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-23 1315592] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-06-06 13352] R3 HTCAND64;HTC 
Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-05 11776] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552] R3 RTCore64;RTCore64;d:\programme)\RMClock\RTCore64.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 
(NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-05-22 76488] S1 AFSRedirector;AFSRedirector;c:\windows\system32\DRIVERS\AFSRedir.sys [2012-03-14 92560] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-09 283200] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 NIApplicationWebServer;NI Application Web Server;d:\programme\LabVIEW\Shared\NI WebServer\ApplicationWebServer.exe [2012-05-22 53960] S2 nimDNSResponder;NI mDNS Responder Service;d:\programme\LabVIEW\Shared\mDNS Responder\nimdnsResponder.exe [2012-05-31 
258776] S2 NINetworkDiscovery;NI Network Discovery;d:\programme\LabVIEW\Shared\NI Network Discovery\niDiscSvc.exe [2012-06-05 169192] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-05-04 81408] S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-30 63336] S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [2013-01-25 2663976] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S2 UI Assistant Service;UI Assistant Service;d:\programme\Join Air\AssistantServices.exe [2010-04-27 247152] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-01 2314240] S2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [2009-07-21 62312] S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-03-13 23552] S3 AFSLibrary;AFSLibrary;c:\windows\system32\DRIVERS\AFSRedirLib.sys [2012-03-14 258448] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240] S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-11-01 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2011-06-06 34032] . . Inhalt des "geplante Tasks" Ordners . 
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 03:12] . 2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 11:09] . 2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 11:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-04-14 04:37 296352 ----a-w- c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Mount Point Overlay] @="{5F820CA1-3DDE-11DB-B2CE-001558092DB5}" [HKEY_CLASSES_ROOT\CLSID\{5F820CA1-3DDE-11DB-B2CE-001558092DB5}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AFS Symlink Overlay] @="{5F820CA1-3DDE-11DB-B2CE-001558092DB6}" [HKEY_CLASSES_ROOT\CLSID\{5F820CA1-3DDE-11DB-B2CE-001558092DB6}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Noodlz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544] "LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352] "Eraser"="d:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.iminent.com/?appId=28F204A6-F339-461D-B54D-312F6C1F3C1D
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Alles mit FDM herunterladen - file://d:\programme\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://d:\programme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://d:\programme\Free Download Manager\dllink.htm
IE: Free YouTube Download - c:\users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://d:\programme\Free Download Manager\dlfvideo.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - d:\programme\ICQ\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 130.149.7.7
FF - ProfilePath - c:\users\Noodlz\AppData\Roaming\Mozilla\Firefox\Profiles\dtocvpuv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
FF - user.js: extentions.y2layers.installId - 33d6fe87-e621-45d5-b2bf-ff6b08aa1c35
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-19 15:52:53
ComboFix-quarantined-files.txt 2013-03-19 14:52
.
Vor Suchlauf: 16 Verzeichnis(se), 30.032.510.976 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 31.210.180.608 Bytes frei
.
- - End Of File - - C536B9C9F9502B28273674A053A0D93F
|
19.03.2013, 16:24 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
JRT - Junkware Removal Tool
Please shut down your security software to avoid possible conflicts.
Next: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
19.03.2013, 20:00 | #11 |
| JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Noodlz on 19.03.2013 at 18:54:15,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] sprotection
Successfully deleted: [Service] sprotection

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\iminent
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\iminentmessenger
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2390501894-3314027886-3818468573-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2390501894-3314027886-3818468573-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_current_user\software\ilivid
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dttoolbar.toolbandobj
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dttoolbar.toolbandobj.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminentsetup_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminentsetup_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{bffed5ca-8bdf-47cc-aed0-23f4e6d77732}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{bffed5ca-8bdf-47cc-aed0-23f4e6d77732}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\iminent"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Noodlz\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Noodlz\AppData\Roaming\pdfforge"
Failed to delete: [Folder] "C:\Users\Noodlz\AppData\Roaming\yontoo"
Successfully deleted: [Folder] "C:\Users\Noodlz\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Noodlz\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ilivid"
Successfully deleted: [Folder] "C:\Program Files (x86)\iminent"
Failed to delete: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\umbrella"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2013 at 19:02:39,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
# AdwCleaner v2.115 - Datei am 19/03/2013 um 19:11:17 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Noodlz - NOODLZ-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Noodlz\Desktop\Virenbekämpfung\Programme\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : Yontoo Desktop Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Noodlz\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Noodlz\AppData\Roaming\Mozilla\Firefox\Profiles\dtocvpuv.default\searchplugins\daemon-search.xml
Ordner Gelöscht : C:\Program Files (x86)\hdvidcodec.com
Ordner Gelöscht : C:\Program Files (x86)\Mein Gutscheincode Finder
Ordner Gelöscht : C:\Program Files (x86)\Movie2KDownloader.com
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\Users\Noodlz\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Noodlz\AppData\Roaming\Mozilla\Firefox\Profiles\dtocvpuv.default\jetpack
Ordner Gelöscht : C:\Users\Noodlz\AppData\Roaming\Yontoo

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\Software\Umbrella
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v11.0 (de)

Datei : C:\Users\Noodlz\AppData\Roaming\Mozilla\Firefox\Profiles\dtocvpuv.default\prefs.js

C:\Users\Noodlz\AppData\Roaming\Mozilla\Firefox\Profiles\dtocvpuv.default\user.js ... Gelöscht !

Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Gelöscht : user_pref("extentions.y2layers.installId", "33d6fe87-e621-45d5-b2bf-ff6b08aa1c35");

*************************

AdwCleaner[S1].txt - [5528 octets] - [19/03/2013 19:11:17]

########## EOF - C:\AdwCleaner[S1].txt - [5588 octets] ##########

Code:
ATTFilter OTL logfile created on: 3/19/2013 7:24:12 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Noodlz\Desktop\Virenbekämpfung\Programme 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.86 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.55% Memory free 9.86 Gb Paging File | 8.20 Gb Available in Paging File | 83.15% Paging File free Paging file location(s): c:\pagefile.sys 6144 6144 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 80.10 Gb Total Space | 28.95 Gb Free Space | 36.14% Space Free | Partition Type: NTFS Drive D: | 851.41 Gb Total Space | 378.00 Gb Free Space | 44.40% Space Free | Partition Type: NTFS Computer Name: NOODLZ-PC | User Name: Noodlz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Noodlz\Desktop\Virenbekämpfung\Programme\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - D:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - D:\Programme\LabVIEW\Shared\Tagger\tagsrv.exe (National Instruments Corporation) PRC - D:\Programme\LabVIEW\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation) PRC - D:\Programme\LabVIEW\Shared\Security\nidmsrv.exe (National Instruments Corporation) PRC - C:\Windows\SysWOW64\lktsrv.exe (National Instruments 
Corporation) PRC - C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation) PRC - D:\Programme\LabVIEW\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation) PRC - D:\Programme\LabVIEW\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation) PRC - D:\Programme\LabVIEW\MAX\nimxs.exe (National Instruments Corporation) PRC - D:\Programme\LabVIEW\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation) PRC - D:\Programme\LabVIEW\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation) PRC - C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.) PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - D:\Programme\Join Air\UIExec.exe () PRC - D:\Programme\Join Air\AssistantServices.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) PRC - D:\Programme\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Program Files (x86)\MIT\Kerberos\bin\netidmgr.exe (Massachusetts Institute of Technology) PRC - C:\Program Files (x86)\MIT\Kerberos\bin\krbcc32s.exe (Massachusetts Institute of Technology) ========== Modules (No Company Name) ========== MOD - D:\Programme\LabVIEW\Shared\NI Error Reporting\niwsrp.dll () MOD - D:\Programme\LabVIEW\Shared\License Manager\Bin\xerces-depdom_2_6.dll () MOD - D:\Programme\Join Air\UIExec.exe () ========== Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) 
SRV:64bit: - (NIApplicationWebServer64) -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (PowerSavingUtilityService) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED) SRV:64bit: - (WirelessSelectorService) -- C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe () SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks) SRV - (NITaggerService) -- D:\Programme\LabVIEW\Shared\Tagger\tagsrv.exe (National Instruments Corporation) SRV - (NINetworkDiscovery) -- D:\Programme\LabVIEW\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation) SRV - (NIDomainService) -- D:\Programme\LabVIEW\Shared\Security\nidmsrv.exe (National Instruments Corporation) SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation) SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation) SRV - (nimDNSResponder) -- D:\Programme\LabVIEW\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation) SRV - (mxssvr) -- D:\Programme\LabVIEW\MAX\nimxs.exe (National Instruments Corporation) SRV - (niSvcLoc) -- D:\Programme\LabVIEW\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation) SRV - (NIApplicationWebServer) -- D:\Programme\LabVIEW\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation) SRV - (OpcEnum) -- C:\Windows\SysWOW64\Opcenum.exe (OPC Foundation) SRV - (TransarcAFSDaemon) -- D:\Programme\OpenAFS\Client\Program\afsd_service.exe (OpenAFS Project) SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.) 
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe (Fujitsu Technology Solutions) SRV - (NILM License Manager) -- D:\Programme\LabVIEW\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation) SRV - (UI Assistant Service) -- D:\Programme\Join Air\AssistantServices.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (CoordinatorServiceHost) -- D:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (OMSI download service) -- D:\Programme\Sony Ericsson PC Suite\SupServ.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) 
DRV:64bit: - (AFSLibrary) -- C:\Windows\SysNative\drivers\AFSRedirLib.sys (OpenAFS Project) DRV:64bit: - (AFSRedirector) -- C:\Windows\SysNative\drivers\AFSRedir.sys (OpenAFS Project) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.) 
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (s0017unic) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation) DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation) DRV:64bit: - (s0017nd5) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation) DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation) DRV:64bit: - (s0017mgmt) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation) DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation) DRV:64bit: - (s0017bus) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation) DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation) DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation) DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation) DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation) DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation) DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation) DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED) DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.) 

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{F1DC9CAE-EFB0-4DDF-934A-9A3B4D3C1A5A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{AB5303EB-EDA0-4405-A6C2-348CFC6FFAE6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope =
IE - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: D:\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: D:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: D:\Programme\SE Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/22 13:12:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/04 22:15:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2013/03/08 16:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013/03/18 22:52:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: D:\Programme\Mozilla Firefox\components [2013/03/08 16:13:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013/03/18 22:52:57 | 000,000,000 | ---D | M]
[2011/04/08 18:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noodlz\AppData\Roaming\mozilla\Extensions
[2013/03/18 22:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noodlz\AppData\Roaming\mozilla\Firefox\Profiles\dtocvpuv.default\extensions
[2012/12/13 11:28:03 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Noodlz\AppData\Roaming\mozilla\Firefox\Profiles\dtocvpuv.default\extensions\fdm_ffext@freedownloadmanager.org
[2012/12/13 11:28:03 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Noodlz\AppData\Roaming\mozilla\firefox\profiles\dtocvpuv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/02/14 17:55:35 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Noodlz\AppData\Roaming\mozilla\firefox\profiles\dtocvpuv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
O1 HOSTS File: ([2013/03/19 15:37:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Eraser] D:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [NI Update Service] D:\Programme\LabVIEW\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [PDFPrint] D:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] D:\Treiber\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UIExec] D:\Programme\Join Air\UIExec.exe ()
O4 - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001..\Run: [NIRegistrationWizard] D:\Programme\LabVIEW\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001..\Run: [Yontoo Desktop] "C:\Users\Noodlz\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2390501894-3314027886-3818468573-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - D:\Programme\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - D:\Programme\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - D:\Programme\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - D:\Programme\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - D:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - D:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - D:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noodlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - D:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\ICQ\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\ICQ\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Programme\LabVIEW\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30EF018C-6A46-47DF-86E6-89DC5E0FF9CA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38A3942C-CF91-4B56-9245-75B92101B25D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86C74059-2028-4152-909B-36601BA6C82B}: DhcpNameServer = 130.149.7.7 193.174.75.142
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AfsLogon: DllName - (D:\Programme\OpenAFS\Client\Program\afslogon.dll) - D:\Programme\OpenAFS\Client\Program\afslogon.dll (OpenAFS Project)
O20 - Winlogon\Notify\MIT_KFW: DllName - (C:\Windows\SysWOW64\kfwlogon.dll) - C:\Windows\SysWOW64\kfwlogon.dll (Massachusetts Institute of Technology.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/19 18:54:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/19 18:53:51 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/19 16:22:23 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/19 16:16:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/19 15:25:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/19 15:25:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/19 15:25:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/19 15:24:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/19 15:24:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/17 18:22:00 | 000,000,000 | ---D | C] -- C:\Users\Noodlz\Desktop\Virenbekämpfung
[2013/03/17 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\Noodlz\AppData\Roaming\Malwarebytes
[2013/03/17 17:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
[2013/03/17 17:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/17 17:13:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/16 12:34:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/16 12:34:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/16 12:34:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/16 12:34:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/16 12:34:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/16 12:34:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/16 12:34:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/16 12:34:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/16 12:34:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/16 12:34:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/16 12:34:06 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/16 12:34:06 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/16 12:34:04 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/16 12:34:04 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/16 12:34:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/13 04:12:11 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/03/05 11:38:16 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/05 11:38:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/05 11:38:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/05 11:38:10 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/02/24 22:40:57 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2013/02/24 22:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2

========== Files - Modified Within 30 Days ==========

[2013/03/19 19:22:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 19:22:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 19:15:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/19 19:15:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/19 19:15:06 | 3111,567,360 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 19:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/19 19:09:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/19 19:08:55 | 000,034,959 | ---- | M] () -- C:\Users\Noodlz\Desktop\Unbenannt.png
[2013/03/19 15:37:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/19 08:55:20 | 003,077,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/19 02:43:53 | 000,000,000 | ---- | M] () -- C:\Users\Noodlz\defogger_reenable
[2013/03/14 02:11:25 | 000,000,274 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/03/13 12:43:18 | 001,753,422 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/13 12:43:18 | 000,747,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/13 12:43:18 | 000,701,972 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/13 12:43:18 | 000,166,998 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/13 12:43:18 | 000,139,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/13 04:12:16 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/13 04:12:16 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/13 04:12:11 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/03/06 13:32:42 | 000,001,435 | ---- | M] () -- C:\Users\Noodlz\AppData\Local\recently-used.xbel
[2013/03/05 11:37:55 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/05 11:37:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/05 11:37:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/05 11:37:55 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/05 11:37:54 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/03/05 11:37:54 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/02 14:51:58 | 000,000,966 | ---- | M] () -- C:\Users\Noodlz\Documents\Mappe1.csv
[2013/02/26 21:39:24 | 000,001,094 | ---- | M] () -- C:\Users\Noodlz\Documents\Luftdruck_Tempelhof.csv
[2013/02/22 12:00:19 | 000,000,896 | ---- | M] () -- C:\Users\Noodlz\Desktop\Auswertung Tools - Verknüpfung.lnk

========== Files Created - No Company Name ==========

[2013/03/19 19:07:32 | 000,034,959 | ---- | C] () -- C:\Users\Noodlz\Desktop\Unbenannt.png
[2013/03/19 15:25:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/19 15:25:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/19 15:25:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/19 15:25:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/19 15:25:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/19 02:43:53 | 000,000,000 | ---- | C] () -- C:\Users\Noodlz\defogger_reenable
[2013/03/14 02:11:22 | 000,000,274 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/03/06 13:32:42 | 000,001,435 | ---- | C] () -- C:\Users\Noodlz\AppData\Local\recently-used.xbel
[2013/03/02 14:51:56 | 000,000,966 | ---- | C] () -- C:\Users\Noodlz\Documents\Mappe1.csv
[2013/02/26 21:39:21 | 000,001,094 | ---- | C] () -- C:\Users\Noodlz\Documents\Luftdruck_Tempelhof.csv
[2013/02/22 12:00:19 | 000,000,896 | ---- | C] () -- C:\Users\Noodlz\Desktop\Auswertung Tools - Verknüpfung.lnk
[2012/07/30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/07/30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/07/30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/07/30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/07/08 18:11:01 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012/06/25 17:09:46 | 000,010,641 | ---- | C] () -- C:\Users\Noodlz\AppData\Local\Temp_table.xml
[2012/06/25 17:04:46 | 000,000,000 | ---- | C] () -- C:\Users\Noodlz\AppData\Local\Temptable.xml
[2012/06/23 11:07:16 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/05/23 14:50:42 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2012/03/26 21:44:12 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/26 21:44:12 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/03/26 21:44:11 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/04 20:30:13 | 000,017,408 | ---- | C] () -- C:\Users\Noodlz\AppData\Local\WebpageIcons.db
[2011/12/08 22:51:44 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/12/08 22:51:44 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/12/08 22:51:44 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/12/08 22:34:26 | 000,031,009 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/10/26 02:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/10/26 02:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/05 18:38:29 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/19 16:13:06 | 001,731,316 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/13 00:20:49 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/05/03 21:47:41 | 000,006,656 | ---- | C] () -- C:\Users\Noodlz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 23:08:23 | 000,007,606 | ---- | C] () -- C:\Users\Noodlz\AppData\Local\Resmon.ResmonCfg
[2011/04/08 18:33:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/07 18:16:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:58DD92AC

< End of report >

Code:
OTL Extras logfile created on: 3/19/2013 7:24:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Noodlz\Desktop\Virenbekämpfung\Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.55% Memory free
9.86 Gb Paging File | 8.20 Gb Available in Paging File | 83.15% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80.10 Gb Total Space | 28.95 Gb Free Space | 36.14% Space Free | Partition Type: NTFS
Drive D: | 851.41 Gb Total Space | 378.00 Gb Free Space | 44.40% Space Free | Partition Type: NTFS

Computer Name: NOODLZ-PC | User Name: Noodlz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2390501894-3314027886-3818468573-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- D:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- D:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CB5762A-FDCB-41D4-A26B-0106BCD43DE7}" = lport=137 | protocol=17 | dir=in | app=system | "{1156ECB8-6259-4993-9684-2A5B1034C1BE}" = lport=7001 | protocol=17 | dir=in | app=d:\programme\openafs\client\program\afsd_service.exe | "{159D57C0-8E33-4796-B61B-9E9402134F3C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{17CAC721-D987-41B9-BB5F-A5AB0F787391}" = rport=137 | protocol=17 | dir=out | app=system | "{1EF0335D-8DE9-4903-86DA-3810B46FF70C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2FB2FF5B-F167-4FA5-A4C8-E017924E3C0F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{31CEBBB2-BA17-4ABE-B8BE-5EC10695B48C}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{3F2853F1-01BC-4899-A789-24033BC8F8D5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{53D6AF4D-350C-45A4-9C35-ABC41733325F}" = lport=6004 | protocol=17 | dir=in | app=d:\programme\microsoft office\office12\outlook.exe | "{567A325B-06D2-4709-9727-036653324336}" = lport=2869 | protocol=6 | dir=in | app=system | "{5F3C6AFA-5F7B-4D3F-8EE4-6D6CA2386AFF}" = rport=445 | protocol=6 | dir=out | app=system | "{611388FF-7152-4A62-9323-F2E107B9899B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6314ED6B-3FAB-43C5-AB01-8BCA3A9F05E4}" = lport=10243 | protocol=6 | dir=in | app=system | "{6D125C54-5205-4038-BD05-6D0E2F126E3E}" = rport=10243 | protocol=6 | dir=out | app=system | "{76473D15-B757-4790-A6BA-C6929360E3C9}" = lport=2869 | protocol=6 | dir=in | app=system | "{7F50B811-8C1D-46A5-8BA5-10DC926829F5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{8E58382C-466C-40B8-94D7-4CE5BE0A40BE}" = rport=139 | protocol=6 | dir=out | app=system | "{A8B3D5B9-C2BC-4B55-BA6E-2FDBA2779013}" = lport=138 | protocol=17 | dir=in | app=system | "{B461703E-EA9C-46EC-8BD0-8E090CAABBF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BB1BC277-E2F3-42FA-A4AA-1CAD302040B0}" = rport=138 | protocol=17 | dir=out | app=system | "{C48B4686-C703-4DA9-9F38-F4FD58642EA5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CAF91BA7-A314-48A8-B94D-21FE3AFA33DE}" = lport=139 | protocol=6 | dir=in | app=system | "{CC8E4986-E9F7-41A1-878A-B838B22D4713}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = lport=3580-3581 | protocol=17 | dir=in | app=d:\programme\labview\shared\ni webserver\systemwebserver.exe | "{D75D2866-9F4C-4082-8432-3544324CF93E}" = lport=5355 | 
protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DCB85339-FE0B-4C7C-964B-D549B2D218F0}" = lport=445 | protocol=6 | dir=in | app=system | "{DE8A77A6-9CEE-4309-BFAC-0F3F2744A867}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = lport=3580-3581 | protocol=6 | dir=in | app=d:\programme\labview\shared\ni webserver\systemwebserver.exe | "{F48A5F5C-D4E6-4E01-8444-86174B882B6A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F8662B4D-55E0-4603-B8B2-D4C46961A1F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{FAC5D362-4385-4FAA-BFA5-BDBD57009465}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FC422EE9-A8DC-4A1B-8E18-26239B7234AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06D814BA-8A02-4484-B074-F15A447EAE81}" = protocol=6 | dir=in | app=d:\programme\sony ericsson update service\update service.exe | "{0CBC8E92-397B-4A2F-8D66-07C29FD2D30E}" = protocol=17 | dir=in | app=d:\programme\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | "{0E683E00-2BFA-46B1-8D9A-717F0538EAC2}" = protocol=6 | dir=in | app=d:\programme\maxwell\maxwell13\ansoftrsmservice.exe | "{1CE95789-91E1-4A07-A25E-ED1A3E07A2C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{208081D6-E56A-48E0-8D75-B071FEF237D1}" = protocol=6 | dir=in | app=d:\programme\maxwell\maxwell13\ansoftrsmservice.exe | "{21EF876A-D77F-4B50-84C6-101500E5AE91}" = protocol=6 | dir=in | app=c:\users\noodlz\appdata\roaming\dropbox\bin\dropbox.exe | "{22EC3136-CADE-4416-9D77-F40268D55AD2}" = protocol=6 | dir=in | 
app=d:\programme\labview\shared\ni webserver\applicationwebserver.exe | "{23EBF342-9CB7-45DC-B3F8-718B6236E0B4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{308F3486-093F-40EE-BC00-79753E73051B}" = protocol=6 | dir=in | app=d:\programme\icq\icq7.7\icq.exe | "{3176C4FC-3372-48D0-B20C-675675BD1465}" = protocol=6 | dir=in | app=d:\programme\maxwell\maxwell13\desktopproxy.exe | "{32BD7673-4D5E-402C-B134-C612F68004A7}" = protocol=17 | dir=in | app=c:\users\noodlz\appdata\roaming\dropbox\bin\dropbox.exe | "{337AECB9-454B-4AD2-ADBC-7959688EC33E}" = protocol=6 | dir=in | app=d:\programme\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | "{33D7F06A-C3B7-4662-B95C-892B7F8A04FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3474C44E-D378-4F68-9A81-6268DFEB7C69}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{35D54F1D-B967-4F98-8A0A-C8E4F3CB9637}" = protocol=6 | dir=in | app=d:\programme\maxwell\maxwell13\desktopproxy.exe | "{3AAB3734-B1EF-4C6E-A813-3F7ACCAB2343}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}" = protocol=17 | dir=in | app=d:\programme\labview\shared\ni webserver\applicationwebserver.exe | "{3C6EAD07-1556-4EE5-A099-9670C0AF8DFA}" = protocol=6 | dir=in | app=d:\programme\maxwell\maxwell13\maxwell.exe | "{3D060E5C-F72F-41AA-8B70-7CD7EC338B1D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4010AA37-9F85-4FDA-8098-9393AF303F90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{40F4C3A7-2A57-4E81-94CC-06A5C8EA5797}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{433802C4-3077-4E86-BE0C-0D864864BED8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{45A0DA5A-6522-47C0-9B11-5C2CE0D615EF}" = protocol=17 | dir=out 
| app=%programfiles%\windows media player\wmpnetwk.exe | "{4D9CB16E-BDC2-4625-A36C-DE1DF2B134F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe | "{517CE38F-010B-46BC-949F-2F81D5F228F6}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | "{56508F3E-8EB2-4C5B-AA8E-66E6D0AC48F4}" = protocol=6 | dir=in | app=d:\programme\maxwell\maxwell13\maxwell.exe | "{56E9BC69-2F4F-4A2F-A5A7-296A9AC8E254}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{585AEF4B-E14A-4C31-97CC-3BE0D2E42CBA}" = protocol=17 | dir=in | app=d:\programme\icq\icq7.7\icq.exe | "{58ACFE06-E01E-4688-A719-CDAFF1803030}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5F5525D2-406D-47D0-906F-AC50659202B2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{5FA51233-9ED3-4F1A-BC84-BC66FD84E6E2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{62268856-9647-461F-ABCB-C8264920B25D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{64049C9C-7810-486F-AC9D-36C9E4C05244}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{652C238E-A3F0-4269-BE50-29FE764DF57F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{77793A58-9819-4645-B67B-8705AE95FE71}" = protocol=17 | dir=in | app=d:\programme\maxwell\maxwell13\ansoftrsmservice.exe | "{797783B0-8051-4990-89B6-1CA028612AEA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{7BA34FE5-7689-4B1F-A376-D59A151AB77E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7F888A8D-F118-4F9F-954F-FDF8E9869AEC}" = protocol=6 | dir=out | app=system | 
"{862E284E-8ADF-4F29-8091-AA7ECAD9CFF6}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{8862AA0E-CF7B-4FCD-BF7D-C191311E5A4A}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | "{91162102-7BD6-4E93-A4CF-664AD6246D50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{96B9AD31-F4B5-4355-B21C-FACEFE8473F6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{983130B9-CDE1-4D1D-8BC1-A4F49D0873C8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{A307C18B-2960-4E18-9DA2-0AB7BBF0DA10}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A4D0B0C0-9006-4726-AC16-E42DA9989900}" = protocol=17 | dir=in | app=d:\programme\sony ericsson update service\update service.exe | "{A7398895-FFD3-4162-8DB8-8F86B2B7C888}" = protocol=17 | dir=in | app=d:\programme\maxwell\maxwell13\desktopproxy.exe | "{AE7CCD60-2EE5-489A-B45F-A89F823DFCBC}" = protocol=17 | dir=in | app=d:\programme\maxwell\maxwell13\desktopproxy.exe | "{AE9A8844-582B-463A-875A-FB6927FD0E31}" = protocol=17 | dir=in | app=d:\programme\maxwell\maxwell13\maxwell.exe | "{B199AD24-9F77-4F8F-8915-6F393042DF2D}" = protocol=6 | dir=in | app=d:\programme\icq\icq7.7\icq.exe | "{B56033FD-F1B6-438D-9463-170B4D427C01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B638E6A7-07EC-4C65-A0B6-7CD5027E9C0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B6C7DF3F-F2FB-4E40-B2F3-9D90003D05E7}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{BF580D28-494D-4B25-820C-678AFF3516B3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C0B86426-D62C-47DA-A3D2-C006C497D09F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni 
webserver\applicationwebserver.exe | "{C2330E40-556F-428D-B588-8993B2007E8C}" = protocol=17 | dir=in | app=d:\programme\icq\icq7.7\icq.exe | "{C7F405F9-DB13-4C56-8CF2-CD5325529DF8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{D4026AF0-DA74-443A-B807-27394A9B3EC8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{D48AC922-D8F6-48DA-A6E4-1A08446169C5}" = protocol=17 | dir=in | app=d:\programme\maxwell\maxwell13\ansoftrsmservice.exe | "{D6679AED-ED88-43E5-A29D-D81545F2D38F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{D921B6B6-69F6-4CE6-83B3-D785BCB1B83A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{E16AA0ED-9EFD-40A9-B50B-3DE46B6430DF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{F1B153E4-E0DD-4C67-A3B4-3CAF2CDEAEF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F499F5F2-2F3E-4F8E-9E3E-55E94F229645}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{F5C13C43-6F56-40A7-AACA-271CD3E57678}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F73A183A-545A-4182-ABE7-AA1D1F67D0C3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F911AFBF-E474-46C2-A8B3-371292AB2363}" = protocol=17 | dir=in | app=d:\programme\maxwell\maxwell13\maxwell.exe | "{FC2E0057-A337-4701-9B39-EBA2ED8BE756}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "TCP Query User{13C0712B-55E0-4F6D-89B5-160938AD4AEF}C:\Program Files (x86)\Java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{CEDCD6B5-3CA5-4BC6-BA48-98243CDCF846}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | 
app=d:\programme\winamp\winamp.exe | "TCP Query User{E2920E67-445B-4A5B-935A-1805055AE99C}C:\users\noodlz\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\noodlz\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{4AF6A6C8-010A-47B0-9EF4-FAE06A7F2041}C:\Program Files (x86)\Java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{A80BE48B-1332-4619-A6C4-D4580F24D967}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe | "UDP Query User{EDD0FBEE-272E-4659-940B-486D07BEC9F0}C:\users\noodlz\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\noodlz\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000A570E-F926-4808-956C-A57EE91B75F6}" = NI TDM Streaming 2.4 (64 Bit) "{00606A59-716C-484A-AE64-5F7E3F23B3BD}" = NI GMP Windows 64-bit Installer 12.0.0 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{07E00E94-7A78-40FA-9BEF-71C190E98041}" = NI VC2008MSMs x64 "{0C2486A3-EF0D-4C6C-9947-C63D6E8C6E4C}" = NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) "{0EA4894B-C99B-48E4-976A-94B55CB89239}" = NI MXS 5.3.0 for 64 Bit Windows "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{176468CE-41AB-4A9A-AC38-45A146D39688}" = NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) "{197B80EB-D791-4DA4-9398-B5F029738E22}" = NI System State Publisher (64-bit) "{1E0A5B20-9D36-4861-BEF8-9B9B4C278218}" = NI TDM Excel Add-In 3.4 64-bit "{20971CBE-1866-404E-BAA7-62A8FB62CB22}" = OpenAFS for Windows (64-bit) "{20F3F8E0-7CCF-4A4E-A23C-58B188E87F4F}" = NI System Configuration Runtime 5.3.0 for Windows 64-bit "{25DECAB0-6580-4B9C-8174-5AC6C9E2D823}" = NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) 
"{28324488-BF50-488F-BE40-6ED3CFA40C26}" = NI Variable Engine (64-bit) "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0 x64 Edition "{32C65538-80DA-41C9-B990-EED4D260B50F}" = NI System API Windows 64-bit 5.3.0 "{3F7CDE88-3B1B-42C1-ACDF-05720E0B04BB}" = NI Web Application Server 12.0 (64 Bit) "{41B541B6-3518-4343-8A67-46FF9A4AA1A3}" = NI USI 2.0.0 64-Bit "{443A416C-BD21-9746-78C4-8139DFAA18B7}" = AMD Media Foundation Decoders "{45A790D5-C7EB-4BE0-B71A-10C550844AF6}" = NI Portable Configuration for 64 Bit Windows 5.3.0 "{46EF0477-FBC0-47D4-B9B6-81DB345C18E9}" = NI Network Discovery 5.3 for Windows 64-bit "{49DADDE6-41A1-5A2B-C518-0EBE12261352}" = AMD Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4DD08E99-6FC1-4188-9A2E-0AF968279E41}" = NI mDNS Responder 2.1 for Windows 64-bit "{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit) "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{50B2D9D8-87B6-49EE-BC5C-874119FD6B7B}" = NI Xerces Delay Load 2.7.3 64-bit "{51692C66-5505-41B8-92A7-548C69FB867C}" = Wireless Selector "{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU "{58A9B4F6-2E67-464A-9F71-95F6D7159702}" = NI Math Kernel Libraries (64-bit) "{5A59ABAE-5F06-4241-B607-6376C29F9F31}" = NI Logos64 XT Support "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620 "{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility "{774510C7-E6AC-4ECB-ACEF-D5284FED4D0A}" = NI-RPC 4.3.0f0 for 64 
Bit Windows "{79253283-47EB-4A67-9014-0CBEC8AE4D0C}" = NI VC2010MSMs x64 "{7E9984FD-DF5D-D0D9-E552-7872964F00CC}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{824088E6-2B7A-4CD3-9835-D2AE8BB55EBF}" = NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{86F88524-6AF8-4D10-9F3C-AFB0DA2A3F39}" = NI-ActiveX-Container (64-bit) "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8CF8CB9F-1FF7-4029-8B3D-9A40100B4A09}" = NI Logos 5.4 (64 Bit) "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client "{9C10623C-BF56-4D66-8F1F-B2D667E44986}" = NI System Web Server Base 12.0.0 (64-bit) "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{A7DE0CB6-DE87-4065-9596-5A1E9FED3297}" = NI Assistant Framework 64-bit "{ACA45A9D-5C68-429F-AE87-0F2917136FCC}" = Unterstützung für NI SSL (64 Bit) "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AFE7987B-E282-42CE-AD5A-E333BE31E204}" = NI Curl 12.0.0 (64-bit) "{B618335B-11D2-4780-B5CE-AA2D111DB693}" = NI Authentication 12.0.0 (64-bit) "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = 
Microsoft SQL Server VSS Writer "{B9254715-D10D-4B4B-B002-54CBA61E6F64}" = NI LabVIEW Broker (64 bit) "{B9293F41-3CB1-4E86-9523-010F8ACB782D}" = NI Xalan Delay Load 1.10.2 64-bit "{BD432073-6A5D-4F0F-8952-43B3C21A31C3}" = NI Trace Engine (64-bit) "{BE2DC247-C185-4EC2-840F-484B46AA1B0E}" = NI MAX Remote Configuration 64-bit Installer 5.3 "{C3D647DC-7317-41F3-A8DB-CC6B98239C6E}" = NI MAX Support for 64 Bit Windows "{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{D754C95D-A80F-471C-819B-EEEDD07C9B0A}" = NI-Mesa "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DABB1D70-482A-4B92-8B24-052AD650A2B0}" = NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) "{DCEF4AB3-3E07-4517-9A92-9599C903E32B}" = NI DataSocket 5.0 (64 Bit) "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{E3867DF9-81D4-40BC-880C-1F134FECF995}" = NI Help Assistant (64bit) "{E3E3E625-8F74-44CE-A6D2-C31CB43DA23D}" = NI VC2005MSMs x64 "{E3EB4126-0930-4926-B135-1F85452E7975}" = Math-Kernel-Bibliotheken (64 Bit) "{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "{E9173A5F-22A6-4152-848E-45851DB99162}" = SolidWorks 2010 x64 Edition SP0 "{EA8B28A2-D84F-447E-B588-9C255F1EDC0A}" = Solid Edge ST3 "{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "MatlabR2009a" = MATLAB R2009a "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU "R for Windows 
2.13.0_is1" = R for Windows 2.13.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "ENTERPRISE" = Microsoft Office Enterprise 2007 "Malwarebytes' Anti-Malware_is1" = 
Malwarebytes Anti-Malware Version 1.70.0.1100

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2390501894-3314027886-3818468573-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ OSession Events ]
Error - 7/3/2012 9:50:44 AM | Computer Name = Noodlz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 146 seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/23/2012 4:59:24 AM | Computer Name = Noodlz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 54183 seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/19/2013 2:04:08 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Device (RFCOMM Protocol TDI)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058

Error - 3/19/2013 2:04:33 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577

Error - 3/19/2013 2:04:33 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577

Error - 3/19/2013 2:15:13 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Device (RFCOMM Protocol TDI)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058

Error - 3/19/2013 2:15:34 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577

Error - 3/19/2013 2:15:34 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577

< End of report > |
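Added example (not part of the thread and not OTL's own code): a small Python parser that groups the Service Control Manager "ID = 7000" records from the "System Events" section above and decodes the `%%NNN` Win32 error codes. The function names are hypothetical, and the service-name pattern assumes the German message wording shown in this log.

```python
import re
from collections import defaultdict

# Win32 error codes printed as %%NNN in the log (names from winerror.h).
WIN32_ERRORS = {
    577: "ERROR_INVALID_IMAGE_HASH (digital signature could not be verified)",
    1058: "ERROR_SERVICE_DISABLED (service or its device is disabled)",
}

# Three records copied from the "System Events" section of the report above.
SAMPLE = '''\
Error - 3/19/2013 2:04:08 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Device (RFCOMM Protocol TDI)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058
Error - 3/19/2013 2:04:33 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577
Error - 3/19/2013 2:15:13 PM | Computer Name = Noodlz-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Device (RFCOMM Protocol TDI)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058
'''

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
                    r"Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)$")
# German wording as emitted on this machine; other locales need another pattern.
SERVICE = re.compile(r'Dienst "(?P<service>[^"]+)".*%%(?P<code>\d+)')

def parse_events(text):
    """Yield one dict per record (an 'Error - ...' line plus its Description line)."""
    current = None
    for line in map(str.strip, text.splitlines()):
        header = HEADER.match(line)
        if header:
            current = header.groupdict()
        elif current and line.startswith("Description = "):
            current["description"] = line[len("Description = "):]
            yield current
            current = None

def service_start_failures(text):
    """Map (service, Win32 code) -> timestamps of SCM event 7000 records."""
    grouped = defaultdict(list)
    for ev in parse_events(text):
        hit = SERVICE.search(ev["description"])
        if ev["source"] == "Service Control Manager" and ev["event_id"] == "7000" and hit:
            grouped[(hit["service"], int(hit["code"]))].append(ev["when"])
    return dict(grouped)

def report(text):
    """One summary line per failing service, with the error code decoded."""
    return ["%s: %dx, %s" % (svc, len(times), WIN32_ERRORS.get(code, "Win32 error %d" % code))
            for (svc, code), times in sorted(service_start_failures(text).items())]
```

Grouping by service and code makes it visible that the same start failures repeat on every boot rather than being new, distinct errors.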
20.03.2013, 12:57 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Afterwards, getting an additional opinion via ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
20.03.2013, 19:20 | #13 |
Malwarebytes

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Noodlz :: NOODLZ-PC [Administrator]

20.03.2013 13:17:02
mbam-log-2013-03-20 (13-17-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 260602
Laufzeit: 3 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)

(Ende)

Unfortunately I deleted the ESET log together with the folder. It didn't find anything, though.

If that was it, thank you very much for now! I don't know what I would have done without your help!

I just have a few small questions:
- What about my passwords? Should I change them?
- What kind of virus was that? Can one tell?
- There are still almost no programs in my Control Panel. Does that not matter, i.e. should I simply uninstall via the setup files where necessary and otherwise ignore it, or will that still cause problems?

Thanks again! |
20.03.2013, 23:04 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Quote:
Quote:
Quote:
Looks OK so far.

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you would have to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - sensibly, you should check at MVPS every 4 weeks whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of abusive use (unique recognition, e.g. for targeted advertising or similar => HTTP cookie).

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller.

But if you can live with logging in anew everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system now in order again, or are there still other findings or problems?
__________________ Please always post log files in CODE tags |
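Added example (not part of the thread and not MVPS code): a short Python audit of hosts-file text, showing what the blocking entries recommended above look like and how to confirm that a hosts file only sinkholes names rather than redirecting any of them to a real address. The sample content, its `.example` domains and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file syntax; all domains are placeholders.
SAMPLE_HOSTS = """\
# blocklist section
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.tracker.example      # ad server, sinkholed
0.0.0.0     cdn.banner.example stats.banner.example
203.0.113.7 login.bank.example       # not a sinkhole: the name is redirected
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield ip, name.lower()

def audit_hosts(text):
    """Return (blocked names, {name: address} for names sent to a real address)."""
    blocked, redirected = set(), {}
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue  # the standard loopback mapping is not a block entry
        if ip.is_unspecified or ip.is_loopback:
            blocked.add(name)        # 0.0.0.0 / 127.0.0.1 / ::1 sink the request
        else:
            redirected[name] = str(ip)
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print(len(blocked), "blocked;", "redirected:", redirected)
```

On Windows the same functions can be pointed at the contents of `%SystemRoot%\System32\drivers\etc\hosts`; any entry reported in the second return value deserves a closer look.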
22.03.2013, 13:14 | #15 |
I read through the material on hosts files, and as I understood it I have to disable the DNS Client service for that, but I use many network connections and also use my computer at work on the network, so I don't dare change anything there (that I don't fully understand). But if deleting all cookies when closing the browser has the same effect, I would probably lean towards that.

Regarding the programs in the "Programs and Features" menu of the Control Panel, I really only wanted to ask whether it might also be a sign of a serious problem if nothing is shown there; I just wanted to tell you because it isn't normal.

In addition, I noticed that some folder options were changed "by themselves", i.e. "Hide extensions for known file types" and "Don't show hidden files and folders" were checked, although I had unchecked them.

Otherwise I couldn't find anything; I reinstalled Office and it runs.

Thanks again! |