Unknown program: process iftutilx.exe stopped – blocked by MSE, CVE-2012-1723.gen + PWS:Win32/Fareit
Windows 7
06.04.2013, 23:59 | #1
Access to a potentially dangerous website successfully stopped – Unknown program: process iftutilx.exe stopped – blocked by MSE, CVE-2012-1723.gen + PWS:Win32/Fareit

Hello forum,

after I installed Malwarebytes Anti-Malware 1.70.0.1100 on one of my 2 notebooks a few days ago, I got the message:

Access to a potentially dangerous website successfully stopped: 82.98.97.185, type: outgoing, port 49384, process iftutilx.exe

According to research on the internet, this program does not exist. The program is located in C:\Windows\system32\iftutilx.exe on both machines. I only got a message from Malwarebytes Anti-Malware on Notebook2. Starting the program produces the Report.wer file below.

Since this information did not really help me, I started the Kaspersky Security Scan (from the internet). The quick scan gave no results, but the intensive analysis overnight found on both notebooks:

1 HEUR:Exploit.Java.CVE-2012-1723.gen

On Notebook1 it was even found twice:

1. HEUR:Exploit.Java.CVE-2012-1723.gen jar_cache648460621962179590.tmp C:\Documents and Settings\NS\AppData\Local\Temp
2. HEUR:Exploit.Java.CVE-2012-1723.gen

No idea whether the two have anything to do with each other (one can have fleas and lice at the same time).

After I had disabled Microsoft Security Essentials as per the forum instructions and restarted MSE once the analysis programs were done, I noticed that CVE-2012-1723.gen had already been detected by MSE and put into quarantine. Ditto on Notebook2. Furthermore, MSE has also quarantined PWS:Win32/Fareit.

When starting GMER I unfortunately overlooked that Malwarebytes Anti-Malware was still active (I had disabled MSE real-time protection). Unfortunately the machine has now crashed twice after I started GMER without Malwarebytes Anti-Malware.

So I am just reporting the current state in the hope that someone can help me and tell me what is going on on my machines.

Best regards
Norbert

Attachments:
Short system summary
Malwarebytes Anti-Malware (test result)
Report.wer – report from manually starting iftutilx.exe
OTL logfile
OTL Extras logfile
GMER rootkit scan

x----------------------------

About the system:
Aldi notebook / Medion MD98920 (P7624)
Win7 64-bit
Microsoft Security Essentials
Firefox (rarely IE)
WLAN / LAN
Separate partitions for system and data
PC2 data drive shared on the home network (PC2 not) – system drives not shared on either
Newly installed on both machines: IrfanView (via Chip.de) ……

x-----------------------------

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
NS :: NS_MD98920 [Administrator]

Schutz: Aktiviert

06.04.2013 21:05:24
mbam-log-2013-04-06 (21-05-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363033
Laufzeit: 9 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

x--------------------------------------------------

Report.wer

Version=1
EventType=BEX64
EventTime=130089336546434658
ReportType=2
Consent=1
UploadTime=130089336553795079
ReportIdentifier=32c6032c-9783-11e2-a519-00262dca4dea
IntegratorReportIdentifier=32c6032b-9783-11e2-a519-00262dca4dea
Response.BucketId=3547766021
Response.BucketTable=5
Response.type=4
Sig[0].Name=Anwendungsname
Sig[0].Value=iftutilx.exe
Sig[1].Name=Anwendungsversion
Sig[1].Value=1.0.0.1
Sig[2].Name=Anwendungszeitstempel
Sig[2].Value=5141614d
Sig[3].Name=Fehlermodulname
Sig[3].Value=unknown
Sig[4].Name=Fehlermodulversion
Sig[4].Value=0.0.0.0
Sig[5].Name=Fehlermodulzeitstempel
Sig[5].Value=00000000
Sig[6].Name=Ausnahmeoffset
Sig[6].Value=00000000008870aa
Sig[7].Name=Ausnahmecode
Sig[7].Value=c0000005
Sig[8].Name=Ausnahmedaten
Sig[8].Value=0000000000000008
DynamicSig[1].Name=Betriebsystemversion
DynamicSig[1].Value=6.1.7601.2.1.0.768.3
DynamicSig[2].Name=Gebietsschema-ID
DynamicSig[2].Value=1031
UI[2]=C:\Windows\system32\iftutilx.exe
UI[3]=iftutilx.exe funktioniert nicht mehr
UI[4]=Windows kann online nach einer Lösung für das Problem suchen.
UI[5]=Online nach einer Lösung suchen (empfohlen)
UI[6]=Später nach einer Lösung suchen (empfohlen)
UI[7]=Schließen
UI[8]=iftutilx.exe wurde beendet und geschlossen.
UI[9]=Die Anwendung wird aufgrund eines Problems nicht mehr richtig ausgeführt. Sie erhalten Nachricht, wenn eine Lösung verfügbar ist.
UI[10]=S&chließen
State[0].Key=Transport.DoneStage1
State[0].Value=1
State[1].Key=DataRequest
State[1].Value=iData=1/nDumpFile=//Upload//iCab//363c7286d0f84b80b5ba763682ff53ee-3ddb1d0b250c7daf8bb3618216e94600-5--747201275-BEX64-6-1-7601-2.cab/nDumpServer=watson.microsoft.com/nResponseServer=watson.microsoft.com/nResponseURL=//dw//GenericFour.asp?iBucket=-747201275&szCab=363c7286d0f84b80b5ba763682ff53ee.cab&EventType=BEX64&BucketHash=3ddb1d0b250c7daf8bb3618216e94600&MID=CB98B7F8-8CB2-456E-813F-74B156C3D77F/nBucket=-747201275/nBucketTable=5/nResponse=1/n
FriendlyEventName=Nicht mehr funktionsfähig
ConsentKey=BEX64
AppName=iftutilx.exe
AppPath=C:\Windows\system32\iftutilx.exe
08.04.2013, 11:59 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Do you have any other logs (with detections)? Has your virus scanner ever found anything? Malwarebytes and/or other virus scanners?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first post only the logs you already have!

Reading material: posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
08.04.2013, 21:26 | #3
Hello cosinus,

first of all many thanks for looking at my request.

I have no logs. My virus scanner Microsoft Security Essentials only tells me that it quarantined the following:

20.12.2012 12:37 PWS:Win32/Fareit
23.12.2012 12:11 CVE-2012-1723
30.12.2012 12:16 CVE-2012-1723

I am not aware of having received a message, but that period was rather stressful, so I am not sure whether I clicked a message away. I suspect, however, that these two are not the problem. I did not find any reference to log files. Annoyingly, the last full scan also ran automatically yesterday afternoon (without any error notes).

I printed the Kaspersky result to a PDF file – see below (no idea whether it creates a log file – I did not find one).

I ran a search and apparently the address 82.98.97.185 seems to be associated with virus problems very frequently. E.g.: a new request on the board with a possibly similar culprit: http://www.trojaner-board.de/107022-...-97-205-a.html

Another note: when switching to Win7 I did not like the scan function of Paint.net (too many intermediate steps), and my old program Picture Publisher could not be installed under Win7. So I was looking for a successor program that is easier to handle for scans. I ended up with IrfanView. Suddenly my default search engine was switched from Google to ask.com, and further search engines such as Delta Search etc. appeared that could not be deleted, or kept reappearing and deleting Google. Under Programs and Features, too, programs such as DeltaSearch … suddenly appeared that had been newly installed without my being aware of having actively initiated this. I uninstalled all of these and deleted the entries in Firefox. However, Delta Search has already reappeared in Firefox.

But I also cannot rule out that I picked up the problems while searching for "Free Commander" (installed 19.1.13).

Because of these problems I then installed Malwarebytes Anti-Malware 1.70.0.1100 and took further measures based on the scan results.

I now hope that someone here in the forum can help me avoid a reinstallation. When I moved from WinXP to Win7, I spent days transferring my data such as mails, fax, Google Earth places, Polar data etc. And again and again you find that something was overlooked after all, or that cherished programs from special offers can no longer be reinstalled.

I am currently considering switching to Kaspersky PURE 3.0 Total Security and monitoring all accesses there at the highest security level. However, I fear that I would then spend all my time analysing what the individual accesses are needed for (under XP I had Kaspersky before and then, annoyed, switched to MSE after I had heard that it is supposed to be quite good too). Perhaps there is something better that is easier to handle.

In the hope that you can help me, best regards
Norbert

Code:
Detaillierter Bericht - Kaspersky

Gefundene Probleme

Untersuchungsdatum: 06.04.2013 08:50
Update-Datum der Antiviren-Datenbanken: 06.04.2013 04:33
Produktversion: 12.0.1.117 (a.b)

Computerschutz (0)
Informationen zum installierten Antiviren-Programm und der Firewall auf dem Computer.
Kaspersky empfiehlt

Schädliche Programme (2)
Informationen zu den auf dem Computer gefundenen Schadprogrammen.
1. HEUR:Exploit.Java.CVE-2012-1723.gen jar_cache648460621962179590.tmp C:\Documents and Settings\NS\AppData\Local\Temp
2. HEUR:Exploit.Java.CVE-2012-1723.gen

file:///C:/ProgramData/Kaspersky Lab/KSS2/DataRoot/HtmlReport/in... 1 von 2 06.04.2013 09:18

Schwachstellen (2)
Informationen zu den Programmen und Komponenten des Betriebssystems, in denen Schwachstellen gefunden wurden.
1. C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti
2. C:\Program Files (x86)\Java\jre6\bin\java.exe

Andere Probleme (11)
Informationen zu Schwachstellen, die mit den Einstellungen der installierten Programme und des Betriebssystems zusammenhängen.
1. "Autostart von Festplatten ist aktiviert"
2. "Autostart von Netzlaufwerken ist aktiviert"
3. "Autostart von CD/DVD ist aktiviert"
4. "Autostart von Wechseldatenträgern ist aktiviert"
5. "Element Ausführen im Startmenü wurde blockiert"
6. "Microsoft Internet Explorer: Verlauf der besuchten URL-Adressen löschen"
7. "Microsoft Internet Explorer: Zwischenspeicherung von über geschützten Kanal empfangenen Daten ist aktiviert"
8. "Microsoft Internet Explorer: Senden von Fehlerberichten deaktivieren"
9. "Microsoft Internet Explorer: Liste der vertrauenswürdigen Domains leeren"
10. "Microsoft Internet Explorer: Automatisches Leeren des Zwischenspeichers beim Beenden des Browsers aktivieren"
11. "Microsoft Internet Explorer: Startseite leeren"
08.04.2013, 21:31 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and attentively.

Note: Should you not hear from me for three days, please report in this thread => Reminder to my thread. Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.

Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags.

MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper.

aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without instruction.
Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
09.04.2013, 16:37 | #5
Hello cosinus,

that was a super-fast reply. I need a bit longer; just finding the programs takes time (unfortunately I had not opened the topic and was working from the printed e-mail – and the links and notes are missing there). And that there are over 45,000 .tmp files in the system also took some time (I would not have thought that Win7 creates even more tmp files than XP – I must definitely keep an eye on that after the current problem is resolved and delete them more often).

I have run MBAR and aswMBR. At the moment I am stuck with TDSSKiller at the point in the instructions "Please do not remove the detections yourself, but wait for instructions from the helper!" TDSSKiller found 3 unsigned files there: epmntdrv, EuGdiDrv and RichVideo. I am now unclear whether I should continue with "continue" or wait for your word, since I cannot tell what TDSSKiller will do next. At the moment I am stuck at this point. I will just wait a while and leave the program hanging there.

And at this point I should clarify something: at the beginning of my report I mentioned that I work with 2 notebooks (Nb1 and Nb2). Nb1 is my first Win7 notebook (02/12) and, so to speak, my test and communication PC for e-mail, nature projects etc. Changes are first made on that PC and, once I am relatively sure that everything works, carried over to Nb2. Nb2 is exactly the same device, bought 02/13, upgraded with a new hard disk and cloned from Nb1. This notebook serves as the "office" notebook for banking, taxes, administration … .

The file iftutilx.exe is present on both notebooks. My son analysed the file once and thinks that the name and the file size are generated with a random generator so that it cannot be unmasked. Furthermore, the file seems to function only as a communication point that is triggered by another program.

I noticed the problem on Nb2 with the message from Malwarebytes Anti-Malware. After there was no further message for some time, I turned to Nb1 as the probable origin, installed Malwarebytes Anti-Malware there as well, and temporarily switched Nb2 off. My current data also come from Nb1. So far, however, I have not received any negative message from Malwarebytes Anti-Malware on Nb1. Since the analysis programs apparently produced no result, I am now having doubts whether I may be working on the wrong site. Even though the detected program is present here too, a component that triggers the access seems to be missing (or perhaps it only goes to a different address, or is lying in wait?).

I have now put Nb2 back into operation and first started MBAR. Right away the message about an access attempt to 82.98.97.185 came up again.

Changes Nb2 compared to Nb1:
IrfanView extended with the RIOT plugin (specifying the file size)
Driver software for a USB fax modem (two different ones / one from the manufacturer's site, one from CD), exceptionally installed on Nb2 first since the scanner and fax connection are on Nb2.
And Nb2 is on LAN, Nb1 on WLAN.

I hope I have not caused confusion now, but perhaps the question of why the virus was activated on Nb2 and (possibly) not on PC1 is also important and can contribute to clarification.

Best regards, and sorry that I did not give this description right away, but I did not expect the whole thing to go so deep.
Norbert

And only just now I opened the topic to paste the answer in and noticed that, in addition to the e-mail, there are further notes. Of course, last time I did not start aswMBR with admin rights (MBAR not either?) and repeated it. Unfortunately a system crash occurred with MBAR with admin rights:

Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.1.7601.2.1.0.768.3
Gebietsschema-ID: 1031

Zusatzinformationen zum Problem:
BCCode: 109
BCP1: A3A039D8A54AA50E
BCP2: B3B7465EF7C8E160
BCP3: FFFFF880033705C0
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\040913-25708-01.dmp
C:\Users\NS\AppData\Local\Temp\WER-99637-0.sysdata.xml

Lesen Sie unsere Datenschutzbestimmungen online:
hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407

Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline:
C:\Windows\system32\de-DE\erofflps.txt

2nd attempt after restart: write error „aswCmnB.dll. Der Prozess kann nicht auf die Daten …

And now I do not know what to do next.

Best regards
Norbert

PS: At the moment I have MBAR running on Nb2 and actually wanted to attach the result here. But the notebook is not finishing and I have a longer appointment.

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.09.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
NS :: NS_MD98920 [administrator]

09.04.2013 12:39:47
mbar-log-2013-04-09 (12-39-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 41026
Time elapsed: 3 hour(s), 31 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-09 12:52:11
-----------------------------
12:52:11.439 OS Version: Windows x64 6.1.7601 Service Pack 1
12:52:11.439 Number of processors: 4 586 0x2A07
12:52:11.440 ComputerName: NS_MD98920 UserName: NS
12:52:13.670 Initialize success
12:52:26.136 AVAST engine defs: 13040802
12:52:26.512 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:52:26.516 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
12:52:26.518 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:52:26.519 Disk 1 Vendor: ST950032 0003 Size: 476940MB BusType: 3
12:52:26.696 Disk 0 MBR read successfully
12:52:26.703 Disk 0 MBR scan
12:52:26.737 Disk 0 unknown MBR code
12:52:26.819 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:52:26.921 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100007 MB offset 206848
12:52:27.210 Disk 0 Partition 3 00 12 Compaq diag NTFS 1024 MB offset 974673920
12:52:27.268 Disk 0 Partition - 00 0F Extended LBA 375806 MB offset 205021530
12:52:27.303 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 304121 MB offset 205021593
12:52:27.324 Disk 0 Partition - 00 05 Extended 71680 MB offset 827873217
12:52:27.766 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 71680 MB offset 827873280
12:52:27.994 Disk 0 scanning C:\Windows\system32\drivers
12:52:49.198 Service scanning
12:53:45.288 Modules scanning
12:53:45.303 Disk 0 trace - called modules:
12:53:45.369 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:53:45.380 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009d2b060]
12:53:45.392 3 CLASSPNP.SYS[fffff88001dbe43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800748d050]
12:53:46.252 AVAST engine scan C:\Windows
12:53:49.608 AVAST engine scan C:\Windows\system32
12:58:33.790 AVAST engine scan C:\Windows\system32\drivers
12:58:58.869 AVAST engine scan C:\Users\NS
12:59:47.931 Disk 0 MBR has been saved successfully to "D:\PRIV\System\Sicherheit\MBR.dat"
12:59:47.938 The log file has been saved successfully to "D:\PRIV\System\Sicherheit\aswMBR_130409_1255.txt"
09.04.2013, 21:49 | #6
/// Winkelfunktion /// TB-Süch-Tiger™

One request: deal with only one machine per thread, otherwise chaos breaks out and one no longer knows which log or which fix applies to which machine – or was the note about the other notebook just for information?

You should run tdsskiller so that it simply "skips" any detections, i.e. does nothing further with them. PLEASE DO NOT delete anything with it, because the tool scans very aggressively and can therefore also list a great many legitimate entries.
10.04.2013, 01:10 | #7
Hello cosinus,

the data reported so far all come from Notebook1 – with the exception of the message "Access to a potentially dangerous website successfully stopped – Unknown program: process iftutilx.exe stopped – blocked by MSE, CVE-2012-1723.gen + PWS:Win32/Fareit", which came from Notebook2. I wanted to make this clear to avoid misunderstandings.

Since the file listed there also exists on Nb1, and Nb2 was cloned from Nb1, it is highly likely that the file was carried over from Nb1 during cloning. For that reason I went back to the origin, Nb1, and created the reports there. But the program was active and detected only on Nb2. If, with your help, this notebook can be cleaned again, I would probably wipe Nb2 and clone it from this notebook again. Let us see what comes out.

Attached now once more aswMBR – this time with administrator rights – and the TDSSKiller result.

Best regards
Norbert

PS: MBAR found nothing on Nb2 either, even though the iftutilx.exe message came from there.

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-10 01:12:37
-----------------------------
01:12:37.783 OS Version: Windows x64 6.1.7601 Service Pack 1
01:12:37.783 Number of processors: 4 586 0x2A07
01:12:37.784 ComputerName: NS_MD98920 UserName: NS
01:12:38.537 Initialize success
01:12:48.624 AVAST engine defs: 13040901
01:12:55.746 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:12:55.752 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
01:12:55.758 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
01:12:55.763 Disk 1 Vendor: ST950032 0003 Size: 476940MB BusType: 3
01:12:55.893 Disk 0 MBR read successfully
01:12:55.899 Disk 0 MBR scan
01:12:55.926 Disk 0 unknown MBR code
01:12:55.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:12:55.974 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100007 MB offset 206848
01:12:56.025 Disk 0 Partition 3 00 12 Compaq diag NTFS 1024 MB offset 974673920
01:12:56.066 Disk 0 Partition - 00 0F Extended LBA 375806 MB offset 205021530
01:12:56.103 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 304121 MB offset 205021593
01:12:56.110 Disk 0 Partition - 00 05 Extended 71680 MB offset 827873217
01:12:56.137 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 71680 MB offset 827873280
01:12:56.366 Disk 0 scanning C:\Windows\system32\drivers
01:13:18.842 Service scanning
01:14:14.162 Modules scanning
01:14:14.177 Disk 0 trace - called modules:
01:14:14.312 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:14:14.323 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009d49060]
01:14:14.335 3 CLASSPNP.SYS[fffff88001c6b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800785f050]
01:14:15.371 AVAST engine scan C:\Windows
01:14:18.766 AVAST engine scan C:\Windows\system32
01:18:55.915 AVAST engine scan C:\Windows\system32\drivers
01:19:26.733 AVAST engine scan C:\Users\NS
01:27:52.879 Disk 0 MBR has been saved successfully to "D:\PRIV\System\Sicherheit\MBR.dat"
01:27:52.886 The log file has been saved successfully to "D:\PRIV\System\Sicherheit\aswMBR_130410_0112_MitAdmin.txt"

Code:
Report tdsskiller.exe

01:31:47.0433 6660 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:31:47.0697 6660 ============================================================
01:31:47.0697 6660 Current date / time: 2013/04/10 01:31:47.0697
01:31:47.0698 6660 SystemInfo:
01:31:47.0698 6660
01:31:47.0698 6660 OS Version: 6.1.7601 ServicePack: 1.0
01:31:47.0698 6660 Product type: Workstation
01:31:47.0698 6660 ComputerName: NS_MD98920
01:31:47.0698 6660 UserName: NS
01:31:47.0698 6660 Windows directory: C:\Windows
01:31:47.0698 6660 System windows directory: C:\Windows
01:31:47.0698 6660 Running under WOW64
01:31:47.0699 6660 Processor architecture: Intel x64
01:31:47.0699 6660 Number of processors: 4
01:31:47.0699 6660 Page size: 0x1000
01:31:47.0699 6660 Boot type: Normal boot
01:31:47.0699 6660 ============================================================
01:31:48.0610 6660 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:31:48.0624 6660 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:31:48.0660 6660 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:31:48.0662 6660 ============================================================
01:31:48.0662 6660 \Device\Harddisk0\DR0:
01:31:48.0680 6660 MBR partitions:
01:31:48.0680 6660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:31:48.0680 6660 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC35395A
01:31:48.0694 6660 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC386199, BlocksNum 0x251FC8B3
01:31:48.0716 6660 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x31585800, BlocksNum 0x8C00000
01:31:48.0716 6660 \Device\Harddisk1\DR1:
01:31:48.0717 6660 MBR partitions:
01:31:48.0717 6660 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:31:48.0717 6660 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x33D50800
01:31:48.0717 6660 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x33D83000, BlocksNum 0x6400000
01:31:48.0717 6660 \Device\Harddisk2\DR2:
01:31:48.0718 6660 MBR partitions:
01:31:48.0718 6660 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
01:31:48.0718 6660 ============================================================
01:31:48.0765 6660 C: <-> \Device\Harddisk0\DR0\Partition2
01:31:49.0102 6660 E: <-> \Device\Harddisk1\DR1\Partition1
01:31:49.0114 6660 D: <-> \Device\Harddisk0\DR0\Partition3
01:31:49.0146 6660 F: <-> \Device\Harddisk0\DR0\Partition4
01:31:49.0501 6660 J: <-> \Device\Harddisk2\DR2\Partition1
01:31:49.0503 6660 G: <-> \Device\Harddisk1\DR1\Partition2
01:31:49.0503 6660 H: <-> \Device\Harddisk1\DR1\Partition3
01:31:49.0503 6660 ============================================================
01:31:49.0503 6660 Initialize success
01:31:49.0503 6660 ============================================================
01:31:57.0909 4996 ============================================================
01:31:57.0909 4996 Scan started
01:31:57.0909 4996 Mode: Manual; SigCheck; TDLFS;
01:31:57.0909 4996 ============================================================
01:31:58.0692 4996 ================ Scan system memory ========================
01:31:58.0692 4996 System memory - ok
01:31:58.0693 4996 ================ Scan services =============================
01:31:58.0855 4996 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:31:58.0938 4996 1394ohci - ok
01:31:58.0975 4996 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:31:58.0992 4996 ACPI - ok
01:31:59.0029 4996 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:31:59.0055 4996 AcpiPmi - ok
01:31:59.0172 4996 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:31:59.0200 4996 AdobeARMservice - ok
01:31:59.0353 4996 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:31:59.0380 4996 AdobeFlashPlayerUpdateSvc - ok
01:31:59.0433 4996 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:31:59.0472 4996 adp94xx - ok
01:31:59.0502 4996 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:31:59.0539 4996 adpahci - ok
01:31:59.0553 4996 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:31:59.0570 4996 adpu320 - ok
01:31:59.0598 4996 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:31:59.0644 4996 AeLookupSvc - ok
01:31:59.0706 4996 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
01:31:59.0754 4996 AFD - ok
01:31:59.0778 4996 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:31:59.0789 4996 agp440 - ok
01:31:59.0820 4996 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
01:31:59.0879 4996 ALG - ok
01:31:59.0910 4996 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:31:59.0924 4996 aliide - ok
01:31:59.0958 4996 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:31:59.0972 4996 amdide - ok
01:31:59.0992 4996 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
01:32:00.0011 4996 AmdK8 - ok
01:32:00.0021 4996 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
01:32:00.0038 4996 AmdPPM - ok
01:32:00.0073 4996 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:32:00.0101 4996 amdsata - ok
01:32:00.0149 4996 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
01:32:00.0163 4996 amdsbs - ok
01:32:00.0174 4996 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:32:00.0183 4996 amdxata - ok
01:32:00.0213 4996 [ 3BC90482A834F998C3B7A9C934A20342 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
01:32:00.0258 4996 AMPPAL - ok
01:32:00.0266 4996 [ 3BC90482A834F998C3B7A9C934A20342 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
01:32:00.0277 4996 AMPPALP - ok
01:32:00.0379 4996 [ A47D7FEBD9381D34DDB4FF38B15A67FE ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
01:32:00.0442 4996 AMPPALR3 - ok
01:32:00.0472 4996 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:32:00.0515 4996 AppID - ok
01:32:00.0574 4996 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:32:00.0654 4996 AppIDSvc - ok
01:32:00.0700 4996 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:32:00.0733 4996 Appinfo - ok
01:32:00.0767 4996 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
01:32:00.0795 4996 arc - ok
01:32:00.0817 4996 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:32:00.0829 4996 arcsas - ok
01:32:00.0863 4996 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:32:00.0937 4996 AsyncMac - ok
01:32:00.0973 4996 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:32:00.0993 4996 atapi - ok
01:32:01.0035 4996 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:32:01.0105 4996 AudioEndpointBuilder - ok
01:32:01.0134 4996 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:32:01.0178 4996 AudioSrv - ok
01:32:01.0224 4996 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:32:01.0279 4996 AxInstSV - ok
01:32:01.0325 4996 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
01:32:01.0384 4996 b06bdrv - ok
01:32:01.0424 4996 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:32:01.0462 4996 b57nd60a - ok
01:32:01.0516 4996 [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
01:32:01.0551 4996 BBSvc - ok
01:32:01.0582 4996 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:32:01.0643 4996 BDESVC - ok
01:32:01.0683 4996 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:32:01.0790 4996 Beep - ok
01:32:01.0907 4996 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
01:32:02.0004 4996 BFE - ok
01:32:02.0068 4996 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
01:32:02.0164 4996 BITS - ok
01:32:02.0198 4996 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
01:32:02.0240 4996 blbdrive - ok
01:32:02.0338 4996 [ 55B0C8441DE7D91A819A39D0351154A2 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
01:32:02.0396 4996 Bluetooth Device Monitor - ok
01:32:02.0436 4996 [ 7E262330DF0C4BE4ECE853B59B9CBE4C ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
01:32:02.0488 4996 Bluetooth Media Service - ok
01:32:02.0524 4996 [ 8BF4B9956E13871A88A3810074E2E110 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
01:32:02.0576 4996 Bluetooth OBEX Service - ok
01:32:02.0612 4996 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:32:02.0654 4996 bowser - ok
01:32:02.0689 4996 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
01:32:02.0707 4996 BrFiltLo - ok
01:32:02.0722 4996 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 01:32:02.0751 4996 BrFiltUp - ok 01:32:02.0798 4996 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 01:32:02.0853 4996 Browser - ok 01:32:02.0890 4996 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 01:32:02.0950 4996 Brserid - ok 01:32:02.0970 4996 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 01:32:03.0018 4996 BrSerWdm - ok 01:32:03.0048 4996 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 01:32:03.0067 4996 BrUsbMdm - ok 01:32:03.0081 4996 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 01:32:03.0113 4996 BrUsbSer - ok 01:32:03.0160 4996 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 01:32:03.0209 4996 BthEnum - ok 01:32:03.0252 4996 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 01:32:03.0308 4996 BTHMODEM - ok 01:32:03.0339 4996 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 01:32:03.0358 4996 BthPan - ok 01:32:03.0401 4996 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 01:32:03.0450 4996 BTHPORT - ok 01:32:03.0484 4996 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 01:32:03.0555 4996 bthserv - ok 01:32:03.0592 4996 [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe 01:32:03.0606 4996 BTHSSecurityMgr - ok 01:32:03.0638 4996 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 01:32:03.0669 4996 BTHUSB - ok 01:32:03.0708 4996 [ 270FBA230E78E25726D065A924589A72 ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys 01:32:03.0773 4996 btmaux - ok 01:32:03.0798 4996 [ 0010A54571F525A97EED8C091E96EAA9 ] btmhsf 
C:\Windows\system32\DRIVERS\btmhsf.sys 01:32:03.0856 4996 btmhsf - ok 01:32:03.0891 4996 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 01:32:03.0959 4996 cdfs - ok 01:32:04.0009 4996 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 01:32:04.0038 4996 cdrom - ok 01:32:04.0078 4996 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 01:32:04.0162 4996 CertPropSvc - ok 01:32:04.0199 4996 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 01:32:04.0242 4996 circlass - ok 01:32:04.0295 4996 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 01:32:04.0336 4996 CLFS - ok 01:32:04.0399 4996 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 01:32:04.0425 4996 clr_optimization_v2.0.50727_32 - ok 01:32:04.0461 4996 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 01:32:04.0473 4996 clr_optimization_v2.0.50727_64 - ok 01:32:04.0555 4996 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 01:32:04.0578 4996 clr_optimization_v4.0.30319_32 - ok 01:32:04.0616 4996 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 01:32:04.0631 4996 clr_optimization_v4.0.30319_64 - ok 01:32:04.0673 4996 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys 01:32:04.0687 4996 clwvd - ok 01:32:04.0712 4996 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 01:32:04.0749 4996 CmBatt - ok 01:32:04.0764 4996 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 01:32:04.0778 4996 cmdide - ok 01:32:04.0829 4996 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG 
C:\Windows\system32\Drivers\cng.sys 01:32:04.0881 4996 CNG - ok 01:32:04.0923 4996 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 01:32:04.0934 4996 Compbatt - ok 01:32:04.0957 4996 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 01:32:04.0980 4996 CompositeBus - ok 01:32:04.0983 4996 COMSysApp - ok 01:32:05.0088 4996 [ DF3E8C2C443D3618260DFF5705CE2DF5 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 01:32:05.0118 4996 cphs - ok 01:32:05.0157 4996 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 01:32:05.0169 4996 crcdisk - ok 01:32:05.0220 4996 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 01:32:05.0260 4996 CryptSvc - ok 01:32:05.0330 4996 [ 7F5CD87CA5BDB4D83F992D8C77201483 ] CyberLink PowerDVD 10 MS Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe 01:32:05.0350 4996 CyberLink PowerDVD 10 MS Monitor Service - ok 01:32:05.0371 4996 [ 9FAF58E876A3B1DB3030A0A5805F2D86 ] CyberLink PowerDVD 10 MS Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe 01:32:05.0388 4996 CyberLink PowerDVD 10 MS Service - ok 01:32:05.0427 4996 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 01:32:05.0512 4996 DcomLaunch - ok 01:32:05.0539 4996 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 01:32:05.0592 4996 defragsvc - ok 01:32:05.0628 4996 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 01:32:05.0691 4996 DfsC - ok 01:32:05.0723 4996 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 01:32:05.0747 4996 Dhcp - ok 01:32:05.0766 4996 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 01:32:05.0816 4996 discache - ok 01:32:05.0866 4996 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk 
C:\Windows\system32\drivers\disk.sys 01:32:05.0896 4996 Disk - ok 01:32:05.0915 4996 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 01:32:05.0981 4996 Dnscache - ok 01:32:06.0017 4996 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 01:32:06.0090 4996 dot3svc - ok 01:32:06.0105 4996 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 01:32:06.0152 4996 DPS - ok 01:32:06.0186 4996 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 01:32:06.0200 4996 drmkaud - ok 01:32:06.0236 4996 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 01:32:06.0308 4996 DXGKrnl - ok 01:32:06.0331 4996 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 01:32:06.0383 4996 EapHost - ok 01:32:06.0526 4996 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 01:32:06.0661 4996 ebdrv - ok 01:32:06.0690 4996 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 01:32:06.0728 4996 EFS - ok 01:32:06.0800 4996 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 01:32:06.0916 4996 ehRecvr - ok 01:32:06.0929 4996 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 01:32:06.0959 4996 ehSched - ok 01:32:06.0993 4996 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 01:32:07.0013 4996 elxstor - ok 01:32:07.0059 4996 [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv C:\Windows\system32\epmntdrv.sys 01:32:07.0066 4996 epmntdrv ( UnsignedFile.Multi.Generic ) - warning 01:32:07.0066 4996 epmntdrv - detected UnsignedFile.Multi.Generic (1) 01:32:07.0092 4996 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 01:32:07.0112 4996 ErrDev - ok 01:32:07.0157 4996 [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys 01:32:07.0172 4996 EuGdiDrv ( UnsignedFile.Multi.Generic 
) - warning 01:32:07.0173 4996 EuGdiDrv - detected UnsignedFile.Multi.Generic (1) 01:32:07.0235 4996 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 01:32:07.0297 4996 EventSystem - ok 01:32:07.0456 4996 [ B20A788579E443F768AAB1A24F705D0A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 01:32:07.0534 4996 EvtEng - ok 01:32:07.0579 4996 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 01:32:07.0644 4996 exfat - ok 01:32:07.0659 4996 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 01:32:07.0706 4996 fastfat - ok 01:32:07.0760 4996 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 01:32:07.0837 4996 Fax - ok 01:32:07.0869 4996 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 01:32:07.0886 4996 fdc - ok 01:32:07.0928 4996 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 01:32:07.0990 4996 fdPHost - ok 01:32:08.0003 4996 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 01:32:08.0037 4996 FDResPub - ok 01:32:08.0061 4996 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 01:32:08.0072 4996 FileInfo - ok 01:32:08.0091 4996 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 01:32:08.0139 4996 Filetrace - ok 01:32:08.0162 4996 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 01:32:08.0176 4996 flpydisk - ok 01:32:08.0192 4996 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 01:32:08.0210 4996 FltMgr - ok 01:32:08.0265 4996 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 01:32:08.0317 4996 FontCache - ok 01:32:08.0366 4996 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 01:32:08.0375 4996 FontCache3.0.0.0 - ok 
01:32:08.0394 4996 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 01:32:08.0406 4996 FsDepends - ok 01:32:08.0468 4996 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 01:32:08.0478 4996 fssfltr - ok 01:32:08.0574 4996 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 01:32:08.0631 4996 fsssvc - ok 01:32:08.0669 4996 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 01:32:08.0678 4996 Fs_Rec - ok 01:32:08.0719 4996 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 01:32:08.0759 4996 fvevol - ok 01:32:08.0787 4996 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 01:32:08.0797 4996 gagp30kx - ok 01:32:08.0874 4996 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe 01:32:08.0894 4996 GoogleDesktopManager-051210-111108 - ok 01:32:08.0934 4996 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 01:32:09.0005 4996 gpsvc - ok 01:32:09.0064 4996 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 01:32:09.0086 4996 gupdate - ok 01:32:09.0094 4996 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 01:32:09.0108 4996 gupdatem - ok 01:32:09.0156 4996 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 01:32:09.0173 4996 gusvc - ok 01:32:09.0203 4996 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 01:32:09.0259 4996 hcw85cir - ok 01:32:09.0297 4996 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 01:32:09.0345 4996 HdAudAddService - ok 01:32:09.0384 4996 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] 
HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 01:32:09.0408 4996 HDAudBus - ok 01:32:09.0425 4996 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 01:32:09.0451 4996 HidBatt - ok 01:32:09.0492 4996 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 01:32:09.0535 4996 HidBth - ok 01:32:09.0562 4996 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 01:32:09.0579 4996 HidIr - ok 01:32:09.0601 4996 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 01:32:09.0650 4996 hidserv - ok 01:32:09.0729 4996 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 01:32:09.0755 4996 HidUsb - ok 01:32:09.0779 4996 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 01:32:09.0848 4996 hkmsvc - ok 01:32:09.0874 4996 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 01:32:09.0929 4996 HomeGroupListener - ok 01:32:09.0962 4996 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 01:32:09.0997 4996 HomeGroupProvider - ok 01:32:10.0079 4996 [ 55711085B763DE9C5A87F1A536EF8B8D ] hotcore3 C:\Windows\syswow64\drivers\hotcore3.sys 01:32:10.0103 4996 hotcore3 - ok 01:32:10.0134 4996 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 01:32:10.0153 4996 HpSAMD - ok 01:32:10.0194 4996 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 01:32:10.0260 4996 HTTP - ok 01:32:10.0275 4996 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 01:32:10.0284 4996 hwpolicy - ok 01:32:10.0314 4996 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 01:32:10.0326 4996 i8042prt - ok 01:32:10.0373 4996 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\drivers\iaStor.sys 01:32:10.0410 4996 iaStor - ok 01:32:10.0482 4996 [ 
D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 01:32:10.0502 4996 IAStorDataMgrSvc - ok 01:32:10.0536 4996 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 01:32:10.0563 4996 iaStorV - ok 01:32:10.0582 4996 [ DE9E40BAEE2E48FD1E3EB423074C014C ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys 01:32:10.0621 4996 iBtFltCoex - ok 01:32:10.0679 4996 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 01:32:10.0736 4996 idsvc - ok 01:32:11.0153 4996 [ 276EE9CDAB16C50E1DF0E4CEFA882F5F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 01:32:11.0584 4996 igfx - ok 01:32:11.0597 4996 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 01:32:11.0606 4996 iirsp - ok 01:32:11.0646 4996 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 01:32:11.0755 4996 IKEEXT - ok 01:32:11.0785 4996 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys 01:32:11.0794 4996 intaud_WaveExtensible - ok 01:32:11.0900 4996 [ A5F7CEF8A939EBE270462EDEFD629F20 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 01:32:12.0026 4996 IntcAzAudAddService - ok 01:32:12.0070 4996 [ AE594CC17C33AC146739494615E14851 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 01:32:12.0113 4996 IntcDAud - ok 01:32:12.0133 4996 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 01:32:12.0158 4996 intelide - ok 01:32:12.0188 4996 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 01:32:12.0202 4996 intelppm - ok 01:32:12.0237 4996 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 01:32:12.0280 4996 IPBusEnum - ok 01:32:12.0302 4996 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver 
C:\Windows\system32\DRIVERS\ipfltdrv.sys 01:32:12.0368 4996 IpFilterDriver - ok 01:32:12.0420 4996 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 01:32:12.0484 4996 iphlpsvc - ok 01:32:12.0515 4996 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 01:32:12.0548 4996 IPMIDRV - ok 01:32:12.0581 4996 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 01:32:12.0645 4996 IPNAT - ok 01:32:12.0681 4996 [ 05360B1EA5A2ABF620D1D96EBD8BD8F1 ] irda C:\Windows\system32\DRIVERS\irda.sys 01:32:12.0736 4996 irda - ok 01:32:12.0764 4996 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 01:32:12.0797 4996 IRENUM - ok 01:32:12.0820 4996 [ 3848384AB383F0A8F506C4370635C1F9 ] Irmon C:\Windows\System32\irmon.dll 01:32:12.0850 4996 Irmon - ok 01:32:12.0893 4996 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 01:32:12.0917 4996 isapnp - ok 01:32:12.0952 4996 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 01:32:12.0974 4996 iScsiPrt - ok 01:32:13.0015 4996 [ 00CB3B7A1B166B425F9A330CA51E3568 ] IT9135BDA C:\Windows\system32\Drivers\IT9135BDA.sys 01:32:13.0072 4996 IT9135BDA - ok 01:32:13.0103 4996 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\drivers\iwdbus.sys 01:32:13.0119 4996 iwdbus - ok 01:32:13.0137 4996 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 01:32:13.0155 4996 kbdclass - ok 01:32:13.0170 4996 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 01:32:13.0207 4996 kbdhid - ok 01:32:13.0238 4996 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 01:32:13.0257 4996 KeyIso - ok 01:32:13.0288 4996 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 01:32:13.0307 4996 KSecDD - ok 01:32:13.0321 4996 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg 
C:\Windows\system32\Drivers\ksecpkg.sys 01:32:13.0339 4996 KSecPkg - ok 01:32:13.0405 4996 [ E47FFCA0909871AC1BFF0D446FF63CA9 ] KSS C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe 01:32:13.0436 4996 KSS - ok 01:32:13.0475 4996 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 01:32:13.0526 4996 ksthunk - ok 01:32:13.0549 4996 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 01:32:13.0599 4996 KtmRm - ok 01:32:13.0634 4996 [ 6DD5383C9413AAE3113FAF89E345663D ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 01:32:13.0658 4996 L1C - ok 01:32:13.0696 4996 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 01:32:13.0747 4996 LanmanServer - ok 01:32:13.0774 4996 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 01:32:13.0823 4996 LanmanWorkstation - ok 01:32:13.0945 4996 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 01:32:13.0975 4996 LBTServ - ok 01:32:14.0018 4996 [ ED7EC050CD6C20E1A93A4DAFB7EFD14D ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys 01:32:14.0031 4996 LEqdUsb - ok 01:32:14.0061 4996 [ 3267BC698E29474A8381E68904EB0390 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys 01:32:14.0072 4996 LHidEqd - ok 01:32:14.0092 4996 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 01:32:14.0102 4996 LHidFilt - ok 01:32:14.0138 4996 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 01:32:14.0213 4996 lltdio - ok 01:32:14.0243 4996 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 01:32:14.0301 4996 lltdsvc - ok 01:32:14.0319 4996 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 01:32:14.0367 4996 lmhosts - ok 01:32:14.0396 4996 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 01:32:14.0407 4996 LMouFilt - 
ok 01:32:14.0504 4996 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 01:32:14.0526 4996 LMS - ok 01:32:14.0553 4996 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 01:32:14.0564 4996 LSI_FC - ok 01:32:14.0596 4996 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 01:32:14.0626 4996 LSI_SAS - ok 01:32:14.0645 4996 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 01:32:14.0659 4996 LSI_SAS2 - ok 01:32:14.0680 4996 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 01:32:14.0696 4996 LSI_SCSI - ok 01:32:14.0724 4996 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 01:32:14.0788 4996 luafv - ok 01:32:14.0849 4996 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 01:32:14.0867 4996 MBAMProtector - ok 01:32:14.0938 4996 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 01:32:14.0960 4996 MBAMScheduler - ok 01:32:14.0985 4996 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 01:32:15.0020 4996 MBAMService - ok 01:32:15.0112 4996 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe 01:32:15.0126 4996 McComponentHostService - ok 01:32:15.0146 4996 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 01:32:15.0173 4996 Mcx2Svc - ok 01:32:15.0199 4996 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 01:32:15.0209 4996 megasas - ok 01:32:15.0237 4996 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 01:32:15.0252 4996 MegaSR - ok 01:32:15.0287 4996 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 
C:\Windows\system32\drivers\HECIx64.sys 01:32:15.0310 4996 MEIx64 - ok 01:32:15.0345 4996 [ BA7E071E855D4C502916164A31B05D4D ] MHIKEY10 C:\Windows\system32\Drivers\MHIKEY10x64.sys 01:32:15.0401 4996 MHIKEY10 - ok 01:32:15.0441 4996 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 01:32:15.0525 4996 MMCSS - ok 01:32:15.0551 4996 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 01:32:15.0583 4996 Modem - ok 01:32:15.0601 4996 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 01:32:15.0624 4996 monitor - ok 01:32:15.0673 4996 [ 54F44C3A4F6C1C4D00D4157FBD531EB1 ] MosIrUsb C:\Windows\system32\DRIVERS\MosIrUsb.sys 01:32:15.0730 4996 MosIrUsb - ok 01:32:15.0794 4996 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 01:32:15.0821 4996 mouclass - ok 01:32:15.0841 4996 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 01:32:15.0870 4996 mouhid - ok 01:32:15.0909 4996 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 01:32:15.0923 4996 mountmgr - ok 01:32:16.0014 4996 [ 1C9B83F6A2D1F414F0ACD28D75605607 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 01:32:16.0221 4996 MozillaMaintenance - ok 01:32:16.0278 4996 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 01:32:16.0296 4996 MpFilter - ok 01:32:16.0327 4996 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 01:32:16.0340 4996 mpio - ok 01:32:16.0372 4996 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 01:32:16.0406 4996 mpsdrv - ok 01:32:16.0440 4996 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 01:32:16.0498 4996 MpsSvc - ok 01:32:16.0516 4996 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 01:32:16.0553 4996 MRxDAV - ok 
01:32:16.0579 4996 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 01:32:16.0605 4996 mrxsmb - ok 01:32:16.0630 4996 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 01:32:16.0655 4996 mrxsmb10 - ok 01:32:16.0680 4996 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 01:32:16.0705 4996 mrxsmb20 - ok 01:32:16.0728 4996 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 01:32:16.0741 4996 msahci - ok 01:32:16.0772 4996 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 01:32:16.0785 4996 msdsm - ok 01:32:16.0799 4996 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 01:32:16.0818 4996 MSDTC - ok 01:32:16.0858 4996 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 01:32:16.0891 4996 Msfs - ok 01:32:16.0993 4996 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 01:32:17.0070 4996 mshidkmdf - ok 01:32:17.0099 4996 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 01:32:17.0108 4996 msisadrv - ok 01:32:17.0137 4996 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 01:32:17.0190 4996 MSiSCSI - ok 01:32:17.0194 4996 msiserver - ok 01:32:17.0228 4996 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 01:32:17.0259 4996 MSKSSRV - ok 01:32:17.0336 4996 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 01:32:17.0361 4996 MsMpSvc - ok 01:32:17.0388 4996 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 01:32:17.0457 4996 MSPCLOCK - ok 01:32:17.0475 4996 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 01:32:17.0539 4996 MSPQM - ok 01:32:17.0559 4996 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC 
C:\Windows\system32\drivers\MsRPC.sys 01:32:17.0576 4996 MsRPC - ok 01:32:17.0601 4996 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 01:32:17.0610 4996 mssmbios - ok 01:32:17.0623 4996 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 01:32:17.0674 4996 MSTEE - ok 01:32:17.0707 4996 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 01:32:17.0741 4996 MTConfig - ok 01:32:17.0761 4996 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 01:32:17.0776 4996 Mup - ok 01:32:17.0860 4996 [ F217D7718FD7577AF331E89910B2D21E ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 01:32:17.0886 4996 MyWiFiDHCPDNS - ok 01:32:17.0922 4996 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 01:32:18.0003 4996 napagent - ok 01:32:18.0050 4996 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 01:32:18.0109 4996 NativeWifiP - ok 01:32:18.0154 4996 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 01:32:18.0202 4996 NDIS - ok 01:32:18.0213 4996 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 01:32:18.0265 4996 NdisCap - ok 01:32:18.0303 4996 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 01:32:18.0335 4996 NdisTapi - ok 01:32:18.0346 4996 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 01:32:18.0377 4996 Ndisuio - ok 01:32:18.0386 4996 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 01:32:18.0431 4996 NdisWan - ok 01:32:18.0453 4996 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 01:32:18.0515 4996 NDProxy - ok 01:32:18.0543 4996 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 01:32:18.0596 4996 NetBIOS - ok 01:32:18.0612 4996 [ 
09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 01:32:18.0663 4996 NetBT - ok 01:32:18.0685 4996 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 01:32:18.0696 4996 Netlogon - ok 01:32:18.0745 4996 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 01:32:18.0820 4996 Netman - ok 01:32:18.0850 4996 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 01:32:18.0910 4996 netprofm - ok 01:32:18.0941 4996 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 01:32:18.0952 4996 NetTcpPortSharing - ok 01:32:19.0157 4996 [ 9FD1BE1881446D954FF77244AE58FBCB ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 01:32:19.0396 4996 NETwNs64 - ok 01:32:19.0433 4996 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 01:32:19.0444 4996 nfrd960 - ok 01:32:19.0501 4996 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 01:32:19.0531 4996 NisDrv - ok 01:32:19.0587 4996 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 01:32:19.0617 4996 NisSrv - ok 01:32:19.0649 4996 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 01:32:19.0669 4996 NlaSvc - ok 01:32:19.0695 4996 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 01:32:19.0734 4996 Npfs - ok 01:32:19.0759 4996 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 01:32:19.0806 4996 nsi - ok 01:32:19.0828 4996 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 01:32:19.0888 4996 nsiproxy - ok 01:32:19.0961 4996 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 01:32:20.0054 4996 Ntfs - ok 01:32:20.0077 4996 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 
01:32:20.0109 4996 Null - ok 01:32:20.0427 4996 [ E97E8C80793EF12C994607CA5645799A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 01:32:20.0798 4996 nvlddmkm - ok 01:32:20.0826 4996 [ 50612BD6943B9CB20008E9E241DC8B7D ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 01:32:20.0835 4996 nvpciflt - ok 01:32:20.0860 4996 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 01:32:20.0872 4996 nvraid - ok 01:32:20.0892 4996 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 01:32:20.0904 4996 nvstor - ok 01:32:20.0986 4996 [ F355C26FDE46EDB911E3E3D749E985AE ] nvsvc C:\Windows\system32\nvvsvc.exe 01:32:21.0076 4996 nvsvc - ok 01:32:21.0253 4996 [ 03AA7307C0D92D38D7AF90E181736B8D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 01:32:21.0312 4996 nvUpdatusService - ok 01:32:21.0343 4996 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 01:32:21.0370 4996 nv_agp - ok 01:32:21.0403 4996 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 01:32:21.0443 4996 ohci1394 - ok 01:32:21.0485 4996 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 01:32:21.0555 4996 p2pimsvc - ok 01:32:21.0583 4996 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 01:32:21.0619 4996 p2psvc - ok 01:32:21.0645 4996 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 01:32:21.0662 4996 Parport - ok 01:32:21.0689 4996 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 01:32:21.0705 4996 partmgr - ok 01:32:21.0734 4996 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 01:32:21.0781 4996 PcaSvc - ok 01:32:21.0809 4996 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 01:32:21.0824 4996 pci - ok 01:32:21.0842 4996 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide 
C:\Windows\system32\drivers\pciide.sys 01:32:21.0851 4996 pciide - ok 01:32:21.0875 4996 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 01:32:21.0888 4996 pcmcia - ok 01:32:21.0916 4996 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 01:32:21.0943 4996 pcw - ok 01:32:22.0046 4996 [ 98655F862BB07CFB1CCC9262DA621AE1 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe 01:32:22.0376 4996 PDF Architect Helper Service - ok 01:32:22.0425 4996 [ 73406F96E946F2B38615375269EF286F ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe 01:32:22.0555 4996 PDF Architect Service - ok 01:32:22.0600 4996 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 01:32:22.0679 4996 PEAUTH - ok 01:32:22.0765 4996 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 01:32:22.0809 4996 PerfHost - ok 01:32:22.0871 4996 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 01:32:22.0967 4996 pla - ok 01:32:23.0008 4996 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 01:32:23.0052 4996 PlugPlay - ok 01:32:23.0144 4996 [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe 01:32:23.0179 4996 PMBDeviceInfoProvider - ok 01:32:23.0205 4996 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 01:32:23.0232 4996 PNRPAutoReg - ok 01:32:23.0254 4996 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 01:32:23.0271 4996 PNRPsvc - ok 01:32:23.0296 4996 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 01:32:23.0359 4996 PolicyAgent - ok 01:32:23.0385 4996 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 01:32:23.0435 4996 Power - ok 01:32:23.0473 4996 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport 
C:\Windows\system32\DRIVERS\raspptp.sys 01:32:23.0564 4996 PptpMiniport - ok 01:32:23.0599 4996 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 01:32:23.0626 4996 Processor - ok 01:32:23.0668 4996 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 01:32:23.0695 4996 ProfSvc - ok 01:32:23.0714 4996 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 01:32:23.0729 4996 ProtectedStorage - ok 01:32:23.0764 4996 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 01:32:23.0810 4996 Psched - ok 01:32:23.0853 4996 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 01:32:23.0868 4996 PSI_SVC_2 - ok 01:32:23.0935 4996 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 01:32:24.0001 4996 ql2300 - ok 01:32:24.0022 4996 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 01:32:24.0032 4996 ql40xx - ok 01:32:24.0063 4996 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 01:32:24.0083 4996 QWAVE - ok 01:32:24.0106 4996 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 01:32:24.0141 4996 QWAVEdrv - ok 01:32:24.0212 4996 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 01:32:24.0235 4996 RapiMgr - ok 01:32:24.0254 4996 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 01:32:24.0314 4996 RasAcd - ok 01:32:24.0347 4996 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 01:32:24.0397 4996 RasAgileVpn - ok 01:32:24.0425 4996 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 01:32:24.0459 4996 RasAuto - ok 01:32:24.0472 4996 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 01:32:24.0520 4996 Rasl2tp - 
ok 01:32:24.0562 4996 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 01:32:24.0631 4996 RasMan - ok 01:32:24.0660 4996 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 01:32:24.0735 4996 RasPppoe - ok 01:32:24.0767 4996 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 01:32:24.0816 4996 RasSstp - ok 01:32:24.0835 4996 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 01:32:24.0889 4996 rdbss - ok 01:32:24.0919 4996 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 01:32:24.0933 4996 rdpbus - ok 01:32:24.0942 4996 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 01:32:24.0975 4996 RDPCDD - ok 01:32:25.0003 4996 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 01:32:25.0047 4996 RDPENCDD - ok 01:32:25.0065 4996 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 01:32:25.0098 4996 RDPREFMP - ok 01:32:25.0131 4996 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 01:32:25.0183 4996 RDPWD - ok 01:32:25.0223 4996 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 01:32:25.0241 4996 rdyboost - ok 01:32:25.0305 4996 [ B9A0810D16EA7935B10A5499ABA61DC3 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 01:32:25.0353 4996 RegSrvc - ok 01:32:25.0381 4996 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 01:32:25.0415 4996 RemoteAccess - ok 01:32:25.0427 4996 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 01:32:25.0482 4996 RemoteRegistry - ok 01:32:25.0514 4996 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 01:32:25.0548 4996 RFCOMM - ok 01:32:25.0637 4996 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files 
(x86)\CyberLink\Shared files\RichVideo.exe 01:32:25.0752 4996 RichVideo ( UnsignedFile.Multi.Generic ) - warning 01:32:25.0752 4996 RichVideo - detected UnsignedFile.Multi.Generic (1) 01:32:25.0776 4996 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 01:32:25.0865 4996 RpcEptMapper - ok 01:32:25.0881 4996 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 01:32:25.0893 4996 RpcLocator - ok 01:32:25.0915 4996 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 01:32:25.0952 4996 RpcSs - ok 01:32:25.0985 4996 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 01:32:26.0031 4996 rspndr - ok 01:32:26.0094 4996 [ CE0A1D8A59410E698140821E4E69DA0D ] RSUSBVSTOR C:\Windows\System32\Drivers\RtsUVStor.sys 01:32:26.0120 4996 RSUSBVSTOR - ok 01:32:26.0225 4996 [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus C:\Windows\system32\DRIVERS\s0016bus.sys 01:32:26.0247 4996 s0016bus - ok 01:32:26.0285 4996 [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl C:\Windows\system32\DRIVERS\s0016mdfl.sys 01:32:26.0303 4996 s0016mdfl - ok 01:32:26.0324 4996 [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm C:\Windows\system32\DRIVERS\s0016mdm.sys 01:32:26.0347 4996 s0016mdm - ok 01:32:26.0371 4996 [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt C:\Windows\system32\DRIVERS\s0016mgmt.sys 01:32:26.0382 4996 s0016mgmt - ok 01:32:26.0408 4996 [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5 C:\Windows\system32\DRIVERS\s0016nd5.sys 01:32:26.0417 4996 s0016nd5 - ok 01:32:26.0430 4996 [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex C:\Windows\system32\DRIVERS\s0016obex.sys 01:32:26.0441 4996 s0016obex - ok 01:32:26.0452 4996 [ EB267CCEA84E6E8598D92F73332AC67B ] s0016unic C:\Windows\system32\DRIVERS\s0016unic.sys 01:32:26.0463 4996 s0016unic - ok 01:32:26.0476 4996 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 01:32:26.0486 4996 SamSs - ok 01:32:26.0513 4996 [ 
AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 01:32:26.0524 4996 sbp2port - ok 01:32:26.0547 4996 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 01:32:26.0594 4996 SCardSvr - ok 01:32:26.0619 4996 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 01:32:26.0663 4996 scfilter - ok 01:32:26.0702 4996 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 01:32:26.0765 4996 Schedule - ok 01:32:26.0868 4996 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 01:32:26.0927 4996 SCPolicySvc - ok 01:32:26.0945 4996 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 01:32:26.0963 4996 SDRSVC - ok 01:32:27.0023 4996 [ 78779EE07231C658B483B1F38B5088DF ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 01:32:27.0050 4996 SeaPort - ok 01:32:27.0077 4996 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 01:32:27.0121 4996 secdrv - ok 01:32:27.0138 4996 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 01:32:27.0169 4996 seclogon - ok 01:32:27.0211 4996 [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys 01:32:27.0222 4996 seehcri - ok 01:32:27.0238 4996 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 01:32:27.0318 4996 SENS - ok 01:32:27.0347 4996 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 01:32:27.0403 4996 SensrSvc - ok 01:32:27.0432 4996 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 01:32:27.0481 4996 Serenum - ok 01:32:27.0521 4996 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 01:32:27.0569 4996 Serial - ok 01:32:27.0595 4996 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 01:32:27.0638 4996 sermouse - ok 
01:32:27.0673 4996 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 01:32:27.0713 4996 SessionEnv - ok 01:32:27.0730 4996 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 01:32:27.0744 4996 sffdisk - ok 01:32:27.0773 4996 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 01:32:27.0786 4996 sffp_mmc - ok 01:32:27.0817 4996 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 01:32:27.0829 4996 sffp_sd - ok 01:32:27.0846 4996 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 01:32:27.0857 4996 sfloppy - ok 01:32:27.0892 4996 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 01:32:27.0940 4996 SharedAccess - ok 01:32:27.0974 4996 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 01:32:28.0041 4996 ShellHWDetection - ok 01:32:28.0067 4996 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 01:32:28.0076 4996 SiSRaid2 - ok 01:32:28.0097 4996 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 01:32:28.0107 4996 SiSRaid4 - ok 01:32:28.0150 4996 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 01:32:28.0227 4996 Smb - ok 01:32:28.0273 4996 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 01:32:28.0295 4996 SNMPTRAP - ok 01:32:28.0411 4996 [ 369539B35C79BF15E354F7CBD438D721 ] Soda PDF 5 Helper Service C:\Program Files (x86)\Soda PDF 5\HelperService.exe 01:32:28.0746 4996 Soda PDF 5 Helper Service - ok 01:32:28.0806 4996 [ 69CFDF67E891AB2B6B97886DB5A016DF ] Soda PDF 5 Service C:\Program Files (x86)\Soda PDF 5\ConversionService.exe 01:32:28.0970 4996 Soda PDF 5 Service - ok 01:32:29.0056 4996 [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe 
01:32:29.0107 4996 Sony PC Companion - ok 01:32:29.0137 4996 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 01:32:29.0153 4996 spldr - ok 01:32:29.0200 4996 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 01:32:29.0265 4996 Spooler - ok 01:32:29.0373 4996 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 01:32:29.0519 4996 sppsvc - ok 01:32:29.0532 4996 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 01:32:29.0577 4996 sppuinotify - ok 01:32:29.0612 4996 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 01:32:29.0630 4996 srv - ok 01:32:29.0650 4996 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 01:32:29.0687 4996 srv2 - ok 01:32:29.0705 4996 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 01:32:29.0731 4996 srvnet - ok 01:32:29.0763 4996 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 01:32:29.0811 4996 SSDPSRV - ok 01:32:29.0835 4996 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 01:32:29.0870 4996 SstpSvc - ok 01:32:29.0948 4996 [ B7368B1BF6C20922DFEDF0A35F69EEEF ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 01:32:29.0986 4996 Stereo Service - ok 01:32:29.0998 4996 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 01:32:30.0008 4996 stexstor - ok 01:32:30.0063 4996 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 01:32:30.0158 4996 stisvc - ok 01:32:30.0193 4996 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 01:32:30.0218 4996 swenum - ok 01:32:30.0254 4996 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 01:32:30.0336 4996 swprv - ok 01:32:30.0423 4996 [ B3AD15FA10EBEAFC1275F34050E4E230 ] SynTP 
C:\Windows\system32\drivers\SynTP.sys 01:32:30.0503 4996 SynTP - ok 01:32:30.0574 4996 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 01:32:30.0662 4996 SysMain - ok 01:32:30.0685 4996 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 01:32:30.0736 4996 TabletInputService - ok 01:32:30.0762 4996 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 01:32:30.0806 4996 TapiSrv - ok 01:32:30.0812 4996 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 01:32:30.0859 4996 TBS - ok 01:32:30.0918 4996 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 01:32:31.0002 4996 Tcpip - ok 01:32:31.0077 4996 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 01:32:31.0131 4996 TCPIP6 - ok 01:32:31.0163 4996 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 01:32:31.0174 4996 tcpipreg - ok 01:32:31.0201 4996 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 01:32:31.0252 4996 TDPIPE - ok 01:32:31.0295 4996 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 01:32:31.0332 4996 TDTCP - ok 01:32:31.0373 4996 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 01:32:31.0416 4996 tdx - ok 01:32:31.0514 4996 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 01:32:31.0541 4996 TermDD - ok 01:32:31.0583 4996 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 01:32:31.0647 4996 TermService - ok 01:32:31.0665 4996 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 01:32:31.0697 4996 Themes - ok 01:32:31.0727 4996 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 01:32:31.0777 4996 THREADORDER - ok 01:32:31.0817 4996 [ DA632FAE7B5629032B2C24E1BE29168B ] tihub3 
C:\Windows\system32\DRIVERS\tihub3.sys 01:32:31.0846 4996 tihub3 - ok 01:32:31.0880 4996 [ 6AAD465F69632931B6D8D61B287E6DE9 ] tixhci C:\Windows\system32\drivers\tixhci.sys 01:32:31.0905 4996 tixhci - ok 01:32:31.0943 4996 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 01:32:32.0014 4996 TrkWks - ok 01:32:32.0056 4996 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 01:32:32.0099 4996 TrustedInstaller - ok 01:32:32.0111 4996 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 01:32:32.0172 4996 tssecsrv - ok 01:32:32.0217 4996 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 01:32:32.0252 4996 TsUsbFlt - ok 01:32:32.0280 4996 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 01:32:32.0292 4996 TsUsbGD - ok 01:32:32.0315 4996 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 01:32:32.0345 4996 tunnel - ok 01:32:32.0364 4996 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 01:32:32.0374 4996 uagp35 - ok 01:32:32.0398 4996 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 01:32:32.0458 4996 udfs - ok 01:32:32.0489 4996 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 01:32:32.0502 4996 UI0Detect - ok 01:32:32.0532 4996 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 01:32:32.0543 4996 uliagpkx - ok 01:32:32.0574 4996 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 01:32:32.0596 4996 umbus - ok 01:32:32.0625 4996 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 01:32:32.0666 4996 UmPass - ok 01:32:32.0828 4996 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 01:32:32.0916 4996 UNS - ok 
01:32:32.0989 4996 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 01:32:33.0085 4996 upnphost - ok 01:32:33.0140 4996 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 01:32:33.0178 4996 usbaudio - ok 01:32:33.0207 4996 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 01:32:33.0231 4996 usbccgp - ok 01:32:33.0254 4996 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 01:32:33.0271 4996 usbcir - ok 01:32:33.0289 4996 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 01:32:33.0311 4996 usbehci - ok 01:32:33.0334 4996 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 01:32:33.0390 4996 usbhub - ok 01:32:33.0433 4996 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 01:32:33.0455 4996 usbohci - ok 01:32:33.0478 4996 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 01:32:33.0493 4996 usbprint - ok 01:32:33.0530 4996 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 01:32:33.0577 4996 USBSTOR - ok 01:32:33.0612 4996 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 01:32:33.0628 4996 usbuhci - ok 01:32:33.0679 4996 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 01:32:33.0720 4996 usbvideo - ok 01:32:33.0757 4996 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 01:32:33.0788 4996 usb_rndisx - ok 01:32:33.0819 4996 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 01:32:33.0889 4996 UxSms - ok 01:32:33.0905 4996 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 01:32:33.0915 4996 VaultSvc - ok 01:32:33.0942 4996 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 
01:32:33.0953 4996 vdrvroot - ok 01:32:33.0978 4996 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 01:32:34.0019 4996 vds - ok 01:32:34.0047 4996 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 01:32:34.0059 4996 vga - ok 01:32:34.0089 4996 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 01:32:34.0141 4996 VgaSave - ok 01:32:34.0175 4996 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 01:32:34.0188 4996 vhdmp - ok 01:32:34.0213 4996 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 01:32:34.0222 4996 viaide - ok 01:32:34.0246 4996 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 01:32:34.0257 4996 volmgr - ok 01:32:34.0285 4996 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 01:32:34.0301 4996 volmgrx - ok 01:32:34.0323 4996 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 01:32:34.0338 4996 volsnap - ok 01:32:34.0364 4996 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 01:32:34.0377 4996 vsmraid - ok 01:32:34.0450 4996 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 01:32:34.0566 4996 VSS - ok 01:32:34.0588 4996 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 01:32:34.0638 4996 vwifibus - ok 01:32:34.0680 4996 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 01:32:34.0715 4996 vwififlt - ok 01:32:34.0738 4996 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 01:32:34.0756 4996 vwifimp - ok 01:32:34.0772 4996 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 01:32:34.0815 4996 W32Time - ok 01:32:34.0834 4996 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 01:32:34.0859 4996 
WacomPen - ok 01:32:34.0909 4996 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 01:32:34.0969 4996 WANARP - ok 01:32:34.0986 4996 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 01:32:35.0016 4996 Wanarpv6 - ok 01:32:35.0076 4996 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 01:32:35.0197 4996 wbengine - ok 01:32:35.0214 4996 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 01:32:35.0232 4996 WbioSrvc - ok 01:32:35.0288 4996 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 01:32:35.0337 4996 WcesComm - ok 01:32:35.0363 4996 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 01:32:35.0407 4996 wcncsvc - ok 01:32:35.0434 4996 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 01:32:35.0484 4996 WcsPlugInService - ok 01:32:35.0508 4996 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 01:32:35.0522 4996 Wd - ok 01:32:35.0571 4996 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 01:32:35.0627 4996 Wdf01000 - ok 01:32:35.0643 4996 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 01:32:35.0719 4996 WdiServiceHost - ok 01:32:35.0724 4996 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 01:32:35.0744 4996 WdiSystemHost - ok 01:32:35.0777 4996 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 01:32:35.0839 4996 WebClient - ok 01:32:35.0861 4996 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 01:32:35.0926 4996 Wecsvc - ok 01:32:35.0949 4996 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 01:32:35.0999 4996 wercplsupport - ok 01:32:36.0019 4996 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 
01:32:36.0054 4996 WerSvc - ok 01:32:36.0076 4996 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 01:32:36.0108 4996 WfpLwf - ok 01:32:36.0121 4996 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 01:32:36.0130 4996 WIMMount - ok 01:32:36.0146 4996 WinDefend - ok 01:32:36.0160 4996 WinHttpAutoProxySvc - ok 01:32:36.0203 4996 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 01:32:36.0280 4996 Winmgmt - ok 01:32:36.0357 4996 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 01:32:36.0460 4996 WinRM - ok 01:32:36.0531 4996 [ FE88B288356E7B47B74B13372ADD906D ] WINUSB C:\Windows\system32\DRIVERS\WinUSB.SYS 01:32:36.0562 4996 WINUSB - ok 01:32:36.0602 4996 [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc C:\Program Files (x86)\Launch Manager\WisLMSvc.exe 01:32:36.0615 4996 WisLMSvc - ok 01:32:36.0652 4996 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 01:32:36.0720 4996 Wlansvc - ok 01:32:36.0782 4996 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 01:32:36.0802 4996 wlcrasvc - ok 01:32:37.0021 4996 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 01:32:37.0204 4996 wlidsvc - ok 01:32:37.0259 4996 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 01:32:37.0301 4996 WmiAcpi - ok 01:32:37.0352 4996 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 01:32:37.0400 4996 wmiApSrv - ok 01:32:37.0442 4996 WMPNetworkSvc - ok 01:32:37.0465 4996 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 01:32:37.0498 4996 WPCSvc - ok 01:32:37.0509 4996 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 01:32:37.0527 4996 WPDBusEnum - ok 01:32:37.0550 4996 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl 
C:\Windows\system32\drivers\ws2ifsl.sys
01:32:37.0582 4996 ws2ifsl - ok
01:32:37.0592 4996 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
01:32:37.0627 4996 wscsvc - ok
01:32:37.0674 4996 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
01:32:37.0727 4996 WSDPrintDevice - ok
01:32:37.0745 4996 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
01:32:37.0776 4996 WSDScan - ok
01:32:37.0780 4996 WSearch - ok
01:32:37.0876 4996 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
01:32:37.0986 4996 wuauserv - ok
01:32:38.0024 4996 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:32:38.0066 4996 WudfPf - ok
01:32:38.0101 4996 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:32:38.0129 4996 WUDFRd - ok
01:32:38.0164 4996 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:32:38.0201 4996 wudfsvc - ok
01:32:38.0235 4996 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
01:32:38.0303 4996 WwanSvc - ok
01:32:38.0377 4996 [ 7EB06617A7F2F280D58CF62776FDDDC2 ] ZcfgSvc7 C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
01:32:38.0407 4996 ZcfgSvc7 - ok
01:32:38.0436 4996 ================ Scan global ===============================
01:32:38.0452 4996 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:32:38.0483 4996 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:32:38.0501 4996 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:32:38.0523 4996 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:32:38.0545 4996 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:32:38.0550 4996 [Global] - ok
01:32:38.0551 4996 ================ Scan MBR ==================================
01:32:38.0566 4996 [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
01:32:41.0265 4996 \Device\Harddisk0\DR0 - ok
01:32:41.0554 4996 [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk1\DR1
01:32:44.0189 4996 \Device\Harddisk1\DR1 - ok
01:32:44.0550 4996 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
01:32:44.0701 4996 \Device\Harddisk2\DR2 - ok
01:32:44.0702 4996 ================ Scan VBR ==================================
01:32:44.0707 4996 [ B3DFB54031BD7F52A5A3339EC7C69547 ] \Device\Harddisk0\DR0\Partition1
01:32:44.0710 4996 \Device\Harddisk0\DR0\Partition1 - ok
01:32:44.0769 4996 [ 042C13E661739F5A27C1923EB860DD70 ] \Device\Harddisk0\DR0\Partition2
01:32:44.0773 4996 \Device\Harddisk0\DR0\Partition2 - ok
01:32:44.0779 4996 [ 396F3FA8044188E0B8DCF3EBDE5F9A30 ] \Device\Harddisk0\DR0\Partition3
01:32:44.0782 4996 \Device\Harddisk0\DR0\Partition3 - ok
01:32:44.0810 4996 [ 0EE42905FA5207DE26C3A5B4116189C7 ] \Device\Harddisk0\DR0\Partition4
01:32:44.0814 4996 \Device\Harddisk0\DR0\Partition4 - ok
01:32:44.0877 4996 [ 0EE3D1A3A9B8A7A33427B13ECE144EEA ] \Device\Harddisk1\DR1\Partition1
01:32:44.0881 4996 \Device\Harddisk1\DR1\Partition1 - ok
01:32:44.0898 4996 [ D64FC33F7C3D3181D707D93F5D94FAA2 ] \Device\Harddisk1\DR1\Partition2
01:32:44.0901 4996 \Device\Harddisk1\DR1\Partition2 - ok
01:32:44.0930 4996 [ CA387EC4633182296B1948219229004B ] \Device\Harddisk1\DR1\Partition3
01:32:44.0934 4996 \Device\Harddisk1\DR1\Partition3 - ok
01:32:44.0936 4996 [ D03005C1230E1F0E02E15C7C03CD6AB2 ] \Device\Harddisk2\DR2\Partition1
01:32:44.0938 4996 \Device\Harddisk2\DR2\Partition1 - ok
01:32:44.0939 4996 ============================================================
01:32:44.0939 4996 Scan finished
01:32:44.0939 4996 ============================================================
01:32:44.0941 4480 Detected object count: 3
01:32:44.0941 4480 Actual detected object count: 3
01:34:14.0476 4480 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:14.0477 4480 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:34:14.0477 4480 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:14.0477 4480 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:34:14.0479 4480 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:14.0479 4480 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
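The TDSSKiller log above is what a helper has to triage by hand: every scanned object is logged as a "[ MD5 ] name path" line, its verdict follows later as "name - ok", "name ( verdict ) - warning" or "name - detected X", and only the three UnsignedFile.Multi.Generic notices in the final summary need a decision. The Python script below is an added example, not part of the forum post and not Kaspersky's tooling. It assumes only the line shapes visible in this log, pairs each object with its verdict lines, lists everything that is not a plain "ok" together with the MD5 TDSSKiller recorded, and checks the result against the tool's own "Detected object count" line. The embedded SAMPLE_LOG is a constructed excerpt that starts mid-log, as this page's copy does, so two of the three flagged drivers have no hash line in it and the script has to cope with that.

```python
"""Triage helper for a Kaspersky TDSSKiller log.

Added example, not code from the forum post or from Kaspersky: it pairs
each scanned object (the "[ MD5 ] name path" line) with the verdict lines
that follow it and reports everything that is not a plain "ok", together
with the MD5 TDSSKiller recorded, so the flagged file can be looked up or
re-hashed locally. SAMPLE_LOG is a constructed excerpt assembled from lines
of the kind shown in the post; it deliberately starts mid-log, so two of the
three objects in the final summary have no hash line in the excerpt.
"""
import re
from dataclasses import dataclass, field

# "01:32:25.0637 4996 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\...\RichVideo.exe"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<rest>.+?)\s*$"
)
# rest = optional service/driver name, then a path (drive letter or \Device\...)
NAME_PATH_RE = re.compile(
    r"^(?:(?P<name>.+?)\s+)?(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$"
)
# "... RichVideo ( UnsignedFile.Multi.Generic ) - warning"
# "... RichVideo - detected UnsignedFile.Multi.Generic (1)"
# "... MsRPC - ok"
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<subject>.+?)"
    r"(?:\s+\(\s*(?P<verdict>[^()]+?)\s*\))?\s+-\s+(?P<status>.+?)\s*$"
)
COUNT_RE = re.compile(r"^\S+\s+\d+\s+Detected object count:\s*(?P<n>\d+)\s*$")


@dataclass
class ScanObject:
    name: str            # service/driver name, or the path itself for MBR/VBR/global objects
    path: str            # "" when the hash line is not in the text we were given
    md5: str             # "" in the same case
    verdicts: list = field(default_factory=list)  # (status, detection name or None)

    @property
    def clean(self) -> bool:
        return all(status == "ok" for status, _ in self.verdicts)


def parse_tdsskiller(text: str):
    """Return (objects in log order, detection count declared by the tool or None)."""
    by_name, order, declared = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            np = NAME_PATH_RE.match(m["rest"])
            if np is None:
                continue
            name = np["name"] or np["path"]
            obj = ScanObject(name=name, path=np["path"], md5=m["md5"].upper())
            by_name[name] = obj
            order.append(obj)
            continue
        m = COUNT_RE.match(line)
        if m:
            declared = int(m["n"])
            continue
        m = STATUS_RE.match(line)
        if m is None:
            continue  # banners, "Scan finished", etc.
        subject, status, verdict = m["subject"], m["status"], m["verdict"]
        if status.startswith("detected "):
            status, verdict = "detected", status.split()[1]  # "detected X (1)"
        if subject not in by_name:
            if status == "ok":
                continue  # e.g. a service whose binary is absent; nothing to triage
            # verdict without a preceding hash line: keep it, but mark the gap
            obj = ScanObject(name=subject, path="", md5="")
            by_name[subject] = obj
            order.append(obj)
        by_name[subject].verdicts.append((status, verdict))
    return order, declared


def findings(objects):
    """Every object with at least one verdict other than 'ok'."""
    return [(o.name, o.path, o.md5, o.verdicts) for o in objects if not o.clean]


def triage(text: str) -> dict:
    objects, declared = parse_tdsskiller(text)
    hits = findings(objects)
    return {
        "scanned": sum(1 for o in objects if o.md5),
        "findings": hits,
        "declared": declared,
        # mismatch means the text is incomplete or the tool summary was edited
        "count_matches": declared is None or declared == len(hits),
        "md5_by_name": {o.name: o.md5 for o in objects if o.md5},
    }


# Constructed excerpt (same line shapes as the post; not the full log).
SAMPLE_LOG = r"""
01:32:25.0637 4996 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
01:32:25.0752 4996 RichVideo ( UnsignedFile.Multi.Generic ) - warning
01:32:25.0752 4996 RichVideo - detected UnsignedFile.Multi.Generic (1)
01:32:25.0776 4996 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:32:25.0865 4996 RpcEptMapper - ok
01:32:36.0146 4996 WinDefend - ok
01:32:38.0436 4996 ================ Scan global ===============================
01:32:38.0452 4996 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:32:38.0550 4996 [Global] - ok
01:32:38.0551 4996 ================ Scan MBR ==================================
01:32:38.0566 4996 [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
01:32:41.0265 4996 \Device\Harddisk0\DR0 - ok
01:32:44.0939 4996 Scan finished
01:32:44.0941 4480 Detected object count: 3
01:34:14.0476 4480 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:14.0477 4480 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:14.0479 4480 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:14.0479 4480 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['scanned']} hashed objects, {len(report['findings'])} flagged "
          f"(tool declared {report['declared']}, consistent={report['count_matches']})")
    for name, path, md5, verdicts in report["findings"]:
        print(f"  {name:<12} {md5 or '<no hash line in excerpt>':<32} {path}")
        for status, verdict in verdicts:
            print(f"      {status}: {verdict}")
```

Run it on a saved log with `triage(open(path).read())`. An UnsignedFile.Multi.Generic entry only says the binary carries no valid digital signature; the MD5 TDSSKiller recorded is what you compare against the vendor's copy or look up before deciding to delete anything, and a count mismatch tells you the log you were given is incomplete rather than that something was missed.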
10.04.2013, 08:33 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run Combofix now: Scan with Combofix
__________________ Please always post logfiles in CODE tags |
10.04.2013, 17:07 | #9 |
| Hello cosinus, ComboFix has been run; the data is below. How do we proceed, or was that it? Regards, Norbert Code:
ATTFilter ComboFix 13-04-10.02 - NS 10.04.2013 17:03:06.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8098.5100 [GMT 2:00] ausgeführt von:: c:\users\NS\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\NS\AppData\Roaming\PLCLIB.dll c:\users\NS\AppData\Roaming\PLCLIB32.dll c:\windows\SysWow64\AF15BDAEX.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-10 bis 2013-04-10 )))))))))))))))))))))))))))))) . . 2013-04-10 15:25 . 2013-04-10 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-10 15:25 . 2013-04-10 15:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-04-08 21:10 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFF3D534-FBF5-4911-9328-FF9C8A08EBBE}\mpengine.dll 2013-04-07 21:09 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-04-05 15:54 . 2013-04-05 15:54 -------- d-----w- c:\users\NS\AppData\Roaming\Malwarebytes 2013-04-05 15:54 . 2013-04-05 15:54 -------- d-----w- c:\programdata\Malwarebytes 2013-04-05 15:54 . 2013-04-06 19:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-04-05 15:54 . 2012-12-14 14:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-05 15:22 . 2013-04-05 15:22 -------- d-----w- c:\programdata\Kaspersky Lab 2013-04-05 15:22 . 2013-04-05 15:22 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2013-04-03 10:57 . 
2013-04-03 10:57 -------- d-----w- c:\program files (x86)\PowerPacket 2013-04-03 10:21 . 2013-04-03 10:21 -------- d-----w- c:\program files (x86)\Soda PDF 5 2013-04-03 10:17 . 2013-04-03 10:25 -------- d-----w- c:\users\NS\AppData\Roaming\PDF Software 2013-04-03 10:17 . 2013-04-03 10:22 -------- d-----w- c:\program files (x86)\Common Files\Soda PDF 5 2013-03-26 08:26 . 2013-03-26 08:26 -------- d-----w- c:\windows\system32\IO 2013-03-25 21:15 . 2013-03-25 21:15 114688 ----a-w- c:\windows\system32\crzptxml.exe 2013-03-25 21:15 . 2011-03-25 20:42 338432 ----a-w- c:\windows\SysWow64\sqlite36_engine.dll 2013-03-25 21:15 . 2011-05-13 12:16 493056 ----a-w- c:\windows\SysWow64\dhRichClient3.dll 2013-03-25 21:14 . 2013-03-25 21:14 -------- d-----w- c:\users\NS\AppData\Roaming\Babylon 2013-03-25 21:14 . 2013-03-25 21:14 -------- d-----w- c:\programdata\Babylon 2013-03-25 21:14 . 2013-04-02 10:44 -------- d-----w- c:\users\NS\AppData\Roaming\DesktopIconForAmazon 2013-03-25 21:14 . 2013-03-25 21:14 -------- d-----w- c:\users\NS\AppData\Roaming\OCS 2013-03-25 21:11 . 2013-03-25 21:11 -------- d-----w- c:\users\NS\AppData\Roaming\IrfanView 2013-03-25 21:11 . 2013-03-25 21:11 -------- d-----w- c:\program files (x86)\IrfanView 2013-03-25 20:39 . 2013-03-25 20:39 4546560 ----a-w- c:\windows\SysWow64\GPhotos.scr 2013-03-21 15:33 . 2012-11-28 08:28 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B60F027F-0E91-4272-A5B5-C13D820C80EF}\gapaengine.dll 2013-03-16 19:51 . 2013-03-16 19:51 -------- d-----w- c:\program files (x86)\CI+ HD Channel Editor 2013-03-14 16:31 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys 2013-03-14 16:31 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-13 13:56 . 2013-03-13 13:56 -------- d-----w- c:\users\NS\AppData\Roaming\WebApp 2013-03-13 10:37 . 2013-03-15 07:43 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-03-12 10:03 . 
2013-03-12 15:01 -------- d-----w- C:\output 2013-03-12 10:03 . 2013-03-12 10:03 -------- d-----w- c:\users\NS\AppData\Roaming\YCanPDF 2013-03-12 10:02 . 2013-03-14 23:02 -------- d-----w- C:\PDFToExcelConverter . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-03-13 10:12 . 2012-04-09 13:03 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 10:12 . 2011-10-27 20:01 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 02:03 . 2011-10-27 21:06 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-02-12 05:45 . 2013-03-13 00:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 00:43 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 00:43 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 05:45 . 2013-03-13 00:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 04:48 . 2013-03-13 00:43 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 00:43 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-31 10:32 . 2012-08-28 22:41 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 14:59 . 2011-04-27 14:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-01-13 21:17 . 2013-02-27 02:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17 . 2013-02-27 02:00 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16 . 2013-02-27 02:00 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12 . 2013-02-27 02:00 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11 . 
2013-02-27 02:00 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 02:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 02:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11 . 2013-02-27 02:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 02:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 02:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 02:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 02:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32 . 2013-02-27 02:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31 . 2013-02-27 02:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 02:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 02:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31 . 2013-02-27 02:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 02:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 02:00 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-01-13 20:22 . 2013-02-27 02:00 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-01-13 20:20 . 2013-02-27 02:00 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-01-13 20:09 . 2013-02-27 02:00 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08 . 2013-02-27 02:00 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-01-13 20:08 . 
2013-02-27 02:00 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-01-13 19:59 . 2013-02-27 02:00 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-01-13 19:58 . 2013-02-27 02:00 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-01-13 19:54 . 2013-02-27 02:00 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-01-13 19:53 . 2013-02-27 02:00 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53 . 2013-02-27 02:00 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-01-13 19:51 . 2013-02-27 02:00 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-01-13 19:49 . 2013-02-27 02:00 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-01-13 19:48 . 2013-02-27 02:00 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-01-13 19:46 . 2013-02-27 02:00 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-01-13 19:43 . 2013-02-27 02:00 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38 . 2013-02-27 02:00 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-01-13 19:38 . 2013-02-27 02:00 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-01-13 19:38 . 2013-02-27 02:00 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-01-13 19:37 . 2013-02-27 02:00 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-01-13 19:25 . 2013-02-27 02:00 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-01-13 19:24 . 2013-02-27 02:00 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-01-13 19:24 . 2013-02-27 02:00 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-01-13 19:20 . 2013-02-27 02:00 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-01-13 19:20 . 2013-02-27 02:00 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-01-13 19:15 . 2013-02-27 02:00 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-01-13 19:10 . 2013-02-27 02:00 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-01-13 19:02 . 2013-02-27 02:00 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-01-13 18:34 . 
2013-02-27 02:00 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32 . 2013-02-27 02:00 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-01-13 18:09 . 2013-02-27 02:00 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-01-13 17:26 . 2013-02-27 02:00 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-01-13 17:05 . 2013-02-27 02:00 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-01-11 10:39 . 2013-02-13 16:02 103936 ----a-w- c:\windows\system32\pdfcmon.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C737F472-1193-4281-BF53-A00B67AB3E19}] 2013-01-25 15:42 91488 ----a-w- c:\program files (x86)\Soda PDF 5\PDFIEHelper.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6}"= "c:\program files (x86)\Soda PDF 5\PDFIEPlugin.dll" [2013-01-25 691040] . [HKEY_CLASSES_ROOT\clsid\{f335aba2-fdb4-4644-92b2-5cc4b0fc91d6}] [HKEY_CLASSES_ROOT\SodaPDF5_IEPlugin.PDFIEConverter.1] [HKEY_CLASSES_ROOT\TypeLib\{DC275339-6DF9-41FB-AFB8-03BC81FBD9E5}] [HKEY_CLASSES_ROOT\SodaPDF5_IEPlugin.PDFIEConverter] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-24 39408] "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2012-09-10 436728] "KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440] "HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2011-08-06 207400] "LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2011-08-06 348960] "Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2011-08-13 447016] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336] "YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-04-14 136488] "YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCam.exe" [2011-04-14 228448] "Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712] "Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2012-02-25 30192] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032] "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-10-16 1111432] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920] "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000] . c:\users\NS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DatenLeiste.doc - Verknüpfung.lnk - d:\priv\System\DatenLeiste.doc [2012-2-25 1250816] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560] R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712] R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2012-02-25 30192] R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-23 
59904] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-09-08 34200] R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [2011-10-27 158464] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [2010-09-15 60288] R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\DRIVERS\MosIrUsb.sys [2007-10-11 27648] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 hotcore3;hotcore3;c:\windows\SysWOW64\drivers\hotcore3.sys [2009-04-16 37392] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-17 28992] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928] S2 CyberLink PowerDVD 10 MS Monitor Service;CyberLink PowerDVD 10 MS Monitor Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [2011-04-13 70952] S2 CyberLink PowerDVD 10 MS Service;CyberLink PowerDVD 10 MS Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [2011-04-13 312616] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-11-22 1522312] S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF 
Architect\ConversionService.exe [2012-11-22 905864] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176] S2 Soda PDF 5 Helper Service;Soda PDF 5 Helper Service;c:\program files (x86)\Soda PDF 5\HelperService.exe [2013-01-25 1237856] S2 Soda PDF 5 Service;Soda PDF 5 Service;c:\program files (x86)\Soda PDF 5\ConversionService.exe [2013-01-25 877920] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-17 381248] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-28 2656280] S2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2011-09-16 994064] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008] S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 31088] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [2011-09-08 25496] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2011-03-15 311400] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032] S3 
tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-09-08 136000] S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-09-08 409408] S3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe [2011-08-06 118560] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 23764305 *NewlyCreated* - 37764645 *NewlyCreated* - 74509516 *NewlyCreated* - 92046678 *Deregistered* - 23764305 *Deregistered* - 37764645 *Deregistered* - 74509516 *Deregistered* - 92046678 *Deregistered* - aswMBR . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-29 19:13 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 10:12] . 2013-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 17:37] . 2013-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 17:37] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.delta-search.com/?affID=119828&tt=190313_wo1&babsrc=HP_ss&mntrId=F22C4C80930653CE uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\NS\AppData\Roaming\Mozilla\Firefox\Profiles\ehts8irv.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/|hxxp://www.cig.canon-europe.com/login.html|hxxp://www.artenfinder.rlp.de/?wicket:interface=:2:1:hxxp://www.naturgucker.de/natur.dll/EXEC|hxxp://maps.google.de/|hxxp://www.lepiforum.de/cgi-bin/forum2010.pl|hxxp://wetter.zdf.de/ FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p= FF - ExtSQL: 2013-03-31 19:48; firebug@software.joehewitt.com; c:\users\NS\AppData\Roaming\Mozilla\Firefox\Profiles\ehts8irv.default\extensions\firebug@software.joehewitt.com.xpi FF - ExtSQL: 2013-03-31 19:49; firebug@tools.sitepoint.com; c:\users\NS\AppData\Roaming\Mozilla\Firefox\Profiles\ehts8irv.default\extensions\firebug@tools.sitepoint.com.xpi FF - ExtSQL: 2013-04-03 12:21; FFSodaPDF5Converter@sodapdf.com; c:\program files (x86)\Soda PDF 5\FFSoda5Ext FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - f22c60950000000000004c80930653ce FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15789 FF - user.js: extensions.delta.vrsn - 1.8.10.0 FF - user.js: extensions.delta.vrsni - 1.8.10.0 FF - user.js: 
extensions.delta.vrsnTs - 1.8.10.022:15 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file) Toolbar-10 - (no file) Toolbar-!{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file) Wow6432Node-HKCU-Run-Polar Sync - (no file) Wow6432Node-HKLM-Run-LMgrOSD - c:\program files (x86)\Launch Manager\OSDCtrl.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-10 - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-IT9130 DriverInstaller_11.8.2.1 - c:\users\ADMINI~1\AppData\Local\Temp\\DriverInstall64.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-10 17:54:19
ComboFix-quarantined-files.txt 2013-04-10 15:54
.
Vor Suchlauf: 11 Verzeichnis(se), 15.452.086.272 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 25.753.997.312 Bytes frei
.
- - End Of File - - 70F1F46A660767CC7BEC9845C9B3EEAA |
10.04.2013, 21:37 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unknown program: process iftutilx.exe stopped – blocked by MSE CVE-2012-1723.gen + PWS:Win32/Fareit
JRT - Junkware Removal Tool. Please shut down your security software to avoid possible conflicts.
Next: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then please do a check with OTL:
__________________ Please always post logfiles in CODE tags |
10.04.2013, 23:18 | #11 |
| Unknown program: process iftutilx.exe stopped – blocked by MSE CVE-2012-1723.gen + PWS:Win32/Fareit
Hello cosinus, I hope I carried everything out correctly. OTL only opened one logfile (and only that file exists on the desktop). What comes next? Best regards, Norbert
P.S.: Strangely, the preview shows nothing. I'll just click Reply now and hope that everything works. It doesn't work - text too large. I'm now attaching the OTL log file as an attachment. This time everything seems OK. Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.8.3 (04.05.2013:1) OS: Windows 7 Home Premium x64 Ran by NS on 10.04.2013 at 23:23:14,04 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\searchsettings Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\S-1-5-21-603655822-4240508136-1539065088-1001\software\microsoft\internet explorer\main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_local_machine\software\babylon Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar Failed to delete: [Registry Key] hkey_local_machine\software\datamngr Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar Successfully deleted: [Registry Key] hkey_current_user\software\iminent Successfully deleted: [Registry Key] hkey_local_machine\software\iminent Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\datamngrui_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\datamngrui_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasapi32 
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\babylon" Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" Successfully deleted: [Folder] "C:\ProgramData\partner" Successfully deleted: [Folder] "C:\Users\NS\AppData\Roaming\babylon" Successfully deleted: [Folder] "C:\Users\NS\AppData\Roaming\opencandy" Successfully deleted: [Folder] "C:\Users\NS\AppData\Roaming\pdfforge" Successfully deleted: [Folder] "C:\Users\NS\appdata\local\ilivid player" Successfully deleted: [Folder] "C:\Users\NS\appdata\locallow\pdfforge" Successfully deleted: [Folder] "C:\Users\NS\appdata\locallow\search settings" Successfully deleted: [Folder] "C:\Program Files (x86)\ilivid" Successfully deleted: [Folder] "C:\Program Files (x86)\searchqu toolbar" Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot" Successfully deleted: [Empty Folder] 
C:\Users\NS\appdata\local\{0144035C-2F9E-43DC-954D-96AA7BA0322D} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{029EB262-4FE0-409C-AC9F-24F205842D26} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{02DA835B-1D26-44B6-8211-E8E4CB86C810} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{03448869-8081-43B2-8707-DCDB816BC0F5} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{04236CD1-F15C-4878-AAA9-3BAA3C9796B8} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{05CB639E-A914-4B9B-BA5A-EEAAEC0D1D6D} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{06E3C3ED-9F65-4C95-A457-AA26570C4FFE} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{0BFF42C6-B1F8-45A5-BF0F-8ECDC3BE3157} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{0D70E28B-E65D-4A7D-A437-B927DDBC4AB6} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{0FD1F7CA-3566-4677-B859-611BFC00BDAC} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{1016A64B-3064-4A59-AEB6-E2DD07878D83} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{106AAB48-CA68-4208-839E-A778E407AB07} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{1DFDCCAC-DE96-4BC4-9EA8-DC063CA7AA4A} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{1FAF5A9D-FDB2-4952-BDE2-08E7B8DE80FA} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{1FEA0F75-DABD-48F9-A529-A1586D08EDE9} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{229A5116-4D42-4669-A28E-C7469FC74313} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{22B67E4F-DBF8-46A8-AB7C-9539A7FE7E36} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{22B93BE3-8F1F-401E-8CEC-130003196545} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{249538DA-51E9-46C0-85E7-A2A40B435BE4} Successfully deleted: [Empty Folder] 
C:\Users\NS\appdata\local\{26726CD9-AEB9-4B9B-8A6D-0D9CF0B48BCD} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{26FC5DAF-ACD1-4DF5-AA3A-CF4B7955D5B5} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{2BD09B80-8FEE-4854-BE2E-0271E0EBC411} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{2C86DE83-2D1F-4C38-8525-C4578951CAD9} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{2D24BD74-4358-4204-9BEA-39E5974F9462} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{2EBEF995-83F7-442F-9C3F-08200CD73CE3} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{2EFD2C20-CEE6-4E52-AEA6-B5FEC7821C8F} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{2F2141CE-3658-4506-A948-8B3F4698A8DB} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{2F91295C-D923-4AEB-B23E-52129EC02161} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{32D8582B-EBDE-4AFC-8938-1A86CA12A965} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{34545026-A225-40D1-A764-281DB4A025F7} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{369929EC-2583-46DE-A3A7-6167A548B047} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{37F9DA48-E1C5-4840-A459-48268620AB57} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{39245995-2A16-41EB-8150-91A7B2E0A358} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{399697CE-41C2-4F60-87BD-DF9CCB96F0B6} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{3D489EBB-0695-43B6-85B2-61F300EA6737} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{44D98A89-C60B-439A-AA69-4D99A6F62993} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{48D68E38-D736-4702-948C-B2D318461445} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{4C298219-47FD-41DF-AA80-BBA885CB7669} Successfully deleted: [Empty Folder] 
C:\Users\NS\appdata\local\{52842145-4EBF-40B6-95A6-1C30E268F221} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{52AD561B-9C6D-461A-91BE-7F5046085599} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{52AD5832-E5E3-4015-97AB-5E59E4BB4EC8} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{57149468-6913-420D-8549-559BE1B95C95} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{57F26E4E-8337-4027-A274-0F6F1EE46517} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{582051F9-7C5B-4F81-B730-FF39E62ADFEF} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{583DA295-5776-423C-9C2E-75606F9F3982} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{59279A9B-B044-4F42-8894-3D218DE4149E} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{628E7189-3AC4-48A1-8796-84DA4DA10C4F} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{661662D1-F0A9-496D-B929-8F4976B451AF} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{6D550E53-3C20-4360-8760-C0A11707DC7B} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{732573F9-7641-4680-AA84-24400C01C743} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{736E9075-3ECE-4D85-96B2-103B5B27C7C1} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{73A72F0C-9068-4E5A-AA31-3D120027FBAC} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{741AB86D-B418-4327-AC9A-49F02CABD8E4} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{7DCF7E72-DC1A-4F40-BAAC-622C9AF7516F} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{7EFE0A50-2392-4C96-B51C-D84BE9E25B59} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{83D23D8A-B5D1-4406-91C5-B56663A0504C} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{8448815D-6FC5-4659-802C-C9FD3355A8FA} Successfully deleted: [Empty Folder] 
C:\Users\NS\appdata\local\{8693C553-5AC7-4F2F-973B-DD15EF8283E3} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{8924A2C2-17F6-4B8F-8BFC-FA9D434690E7} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{8D373788-E127-48B7-8A6D-1578882EA8C0} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{8DCD0A31-165C-4A6F-9E63-A1C5DF1BAA08} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{8DE2DFB6-D1E8-4011-8D8D-EAA4815890BB} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{90163DCA-0006-4DBF-B0C4-83F427FEDCFC} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{902DB355-1861-4034-85B8-F266F322A070} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{9071CE22-7A94-4103-988A-B84C6A9209A6} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{9786CBC4-080C-4DAF-B57A-EB5B22B7EF7A} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{9D1E5E1F-C4E3-4447-90AC-17EF69EE9169} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{9EBAEC10-6957-469D-AA82-E4C438AE03D7} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{A0348857-9B62-4AB4-B87D-734D2D16381B} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{AE4BF98B-740B-4D78-8832-006065FA1674} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{B0788BC1-98D5-47AC-BE6C-55D0FBD6C944} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{B0FF0B2E-01BC-4C5C-A0CA-A5E13E4BAC3F} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{B4DE22E2-F02B-4400-AD04-57C6BFEE3FB5} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{B697BF7B-1BCD-4C93-B57E-933F034A83F9} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{BD47F6AF-9CAF-43C0-B464-0B90AEA44B1C} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{BEABDC19-6BF8-4D71-B44F-A17F8043D1DD} Successfully deleted: [Empty Folder] 
C:\Users\NS\appdata\local\{C01B4B59-BEA4-4F97-BEB9-BCAB1A56F079} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{C1F22607-00F2-40EC-A088-3D5D3E821C8E} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{C4116D18-2958-48C3-BC94-13AE6FED99F1} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{C510EC89-2F08-44C7-80C4-578615DDE024} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{C83E1AC0-A464-411F-801F-8E77D86D72B5} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{CA59D99C-533D-404D-81AF-01E543CBE403} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{CC33E66A-DC63-4C54-8E40-14FDCF8B690B} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{CC58CF48-D199-4F03-9016-36BA5168BE7A} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{CC78B76C-1E1A-4F12-8CD1-573DFDF4DCD7} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{D1AA03E5-E0A2-49CE-B2FC-5E00AFF4B8E9} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{DD4A194B-F6C6-4DFF-B397-5A41DB002233} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{E293C62D-61E4-4F8D-B89E-918B44A82B83} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{E3836B45-90A9-4C87-B4BC-300E7D650C53} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{E3C66032-0996-49A9-8A9A-52E8E0AE7245} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{E588DFDC-05C5-49DF-AD39-AFBCBDB5FBBA} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{E6E5DBD1-556E-4D66-B005-C486A1416C26} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{EDD88111-44C0-4292-9821-CBBA25BC3646} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{EF0036D3-BE9C-4E17-8072-E5AF08623D00} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{EF2894AD-F41F-47E3-B4B4-6EEBECA67A86} Successfully deleted: [Empty Folder] 
C:\Users\NS\appdata\local\{F198EA6B-E9FB-4D50-8621-0F0A72BFF0B5} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{F7A9C141-7E4C-4866-990F-B5521951B781} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{FA163E2C-32F4-4FEF-B4E4-53869CFF795E} Successfully deleted: [Empty Folder] C:\Users\NS\appdata\local\{FFBA7D71-93DB-431F-989D-AFBBC2AB96E5} ~~~ FireFox Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml" Successfully deleted: [File] C:\Users\NS\AppData\Roaming\mozilla\firefox\profiles\ehts8irv.default\user.js Successfully deleted: [File] C:\Users\NS\AppData\Roaming\mozilla\firefox\profiles\ehts8irv.default\searchplugins\delta.xml Successfully deleted the following from C:\Users\NS\AppData\Roaming\mozilla\firefox\profiles\ehts8irv.default\prefs.js user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119828&tt=190313_wo1&babsrc=HP_ss&mntrId=F22C4C80930653CE"); user_pref("avg.install.userSPSettings", "Delta Search"); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.id", "f22c60950000000000004c80930653ce"); user_pref("extensions.delta.instlDay", "15789"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.10.0"); 
user_pref("extensions.delta.vrsnTs", "1.8.10.022:15:53"); user_pref("extensions.delta.vrsni", "1.8.10.0"); Emptied folder: C:\Users\NS\AppData\Roaming\mozilla\firefox\profiles\ehts8irv.default\minidumps [74 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 10.04.2013 at 23:30:30,46 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.200 - Datei am 10/04/2013 um 23:33:42 erstellt # Aktualisiert am 02/04/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : NS - NS_MD98920 # Bootmodus : Normal # Ausgeführt unter : C:\Users\NS\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Users\NS\AppData\Roaming\DesktopIconForAmazon Ordner Gelöscht : C:\Users\NS\AppData\Roaming\OCS ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\pdfforge Schlüssel Gelöscht : HKCU\Software\Search Settings Schlüssel Gelöscht : HKCU\Software\d4dc8ab23ce544 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\pdfforge Schlüssel Gelöscht : HKLM\Software\Search Settings Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\d4dc8ab23ce544 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16521 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v20.0 (de) Datei : C:\Users\NS\AppData\Roaming\Mozilla\Firefox\Profiles\ehts8irv.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v26.0.1410.64 Datei : C:\Users\NS\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [11471 octets] - [10/04/2013 23:33:42] ########## EOF - C:\AdwCleaner[S1].txt - [11532 octets] ########## |
11.04.2013, 08:42 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unknown program: process iftutilx.exe stopped – blocked by MSE CVE-2012-1723.gen + PWS:Win32/Fareit
The OTL log is unfortunately missing. Please zip logs that are too large beforehand and then attach them.
__________________ Please always post logfiles in CODE tags |
11.04.2013, 08:58 | #13 |
| Unknown program: process iftutilx.exe stopped – blocked by MSE CVE-2012-1723.gen + PWS:Win32/Fareit
Hello cosinus, I'll now try to post the OTL log on its own; maybe it'll work. Code:
ATTFilter OTL logfile created on: 10.04.2013 23:57:37 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NS\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,68 Gb Available Physical Memory | 71,80% Memory free 15,81 Gb Paging File | 13,71 Gb Available in Paging File | 86,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 23,77 Gb Free Space | 24,34% Space Free | Partition Type: NTFS Drive D: | 296,99 Gb Total Space | 93,93 Gb Free Space | 31,63% Space Free | Partition Type: NTFS Drive E: | 100,00 Mb Total Space | 71,40 Mb Free Space | 71,40% Space Free | Partition Type: NTFS Drive F: | 70,00 Gb Total Space | 10,52 Gb Free Space | 15,03% Space Free | Partition Type: NTFS Drive G: | 414,66 Gb Total Space | 373,64 Gb Free Space | 90,11% Space Free | Partition Type: NTFS Drive H: | 50,00 Gb Total Space | 25,65 Gb Free Space | 51,31% Space Free | Partition Type: NTFS Drive J: | 465,76 Gb Total Space | 50,67 Gb Free Space | 10,88% Space Free | Partition Type: NTFS Computer Name: NS_MD98920 | User Name: NS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\NS\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
PRC - C:\Program Files (x86)\Soda PDF 5\HelperService.exe (LULU Software)
PRC - C:\Program Files (x86)\Soda PDF 5\ConversionService.exe (LULU Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Windows\WindowsMobile\WmdHost.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll ()
MOD - C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - \\?\C:\Windows\WindowsMobile\AirSyncEngine.dll ()
MOD - \\?\C:\Windows\WindowsMobile\SyncStat.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (ZcfgSvc7) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe (Intel(R) Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (Soda PDF 5 Helper Service) -- C:\Program Files (x86)\Soda PDF 5\HelperService.exe (LULU Software)
SRV - (Soda PDF 5 Service) -- C:\Program Files (x86)\Soda PDF 5\ConversionService.exe (LULU Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (WisLMSvc) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (CyberLink PowerDVD 10 MS Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink)
SRV - (CyberLink PowerDVD 10 MS Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\drivers\IT9135BDA.sys (ITE )
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MHIKEY10) -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys (Generic USB smartcard reader)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (MosIrUsb) -- C:\Windows\SysNative\drivers\MosIrUsb.sys ()
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\..\SearchScopes,DefaultScope = {E7D41B83-5640-43E9-AE65-370EE8DD4514}
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7MDNE_deDE472&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\..\SearchScopes\{9FC8F2C1-CE77-4ED7-B9AD-3D4A46CBBC5E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\..\SearchScopes\{E7D41B83-5640-43E9-AE65-370EE8DD4514}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_deDE472
IE - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/|hxxp://www.cig.canon-europe.com/login.html|hxxp://www.artenfinder.rlp.de/?wicket:interface=:2:1:::|hxxp://www.naturgucker.de/natur.dll/EXEC|hxxp://maps.google.de/|hxxp://www.lepiforum.de/cgi-bin/forum2010.pl|hxxp://wetter.zdf.de/"
FF - prefs.js..extensions.enabledAddons: firebug%40tools.sitepoint.com:1.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/UCPlugin: C:\Program Files (x86)\Canon\Uploader for CANON iMAGE GATEWAY Plugin\\npUploaderForCiG.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.11.26 13:45:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFSodaPDF5Converter@sodapdf.com: C:\Program Files (x86)\Soda PDF 5\FFSoda5Ext [2013.04.03 12:21:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.03 02:01:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 12:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.03 02:01:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 12:37:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.07.15 13:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NS\AppData\Roaming\mozilla\Extensions
[2013.03.31 19:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NS\AppData\Roaming\mozilla\Firefox\Profiles\ehts8irv.default\extensions
[2013.01.15 12:10:41 | 000,045,330 | ---- | M] () (No name found) -- C:\Users\NS\AppData\Roaming\mozilla\firefox\profiles\ehts8irv.default\extensions\copyplaintext@teo.pl.xpi
[2013.03.31 19:48:06 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\NS\AppData\Roaming\mozilla\firefox\profiles\ehts8irv.default\extensions\firebug@software.joehewitt.com.xpi
[2013.03.31 19:49:34 | 000,870,767 | ---- | M] () (No name found) -- C:\Users\NS\AppData\Roaming\mozilla\firefox\profiles\ehts8irv.default\extensions\firebug@tools.sitepoint.com.xpi
[2012.08.28 16:40:24 | 000,455,379 | ---- | M] () (No name found) -- C:\Users\NS\AppData\Roaming\mozilla\firefox\profiles\ehts8irv.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2013.03.29 13:17:22 | 000,117,153 | ---- | M] () (No name found) -- C:\Users\NS\AppData\Roaming\mozilla\firefox\profiles\ehts8irv.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2013.02.14 12:11:59 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\NS\AppData\Roaming\mozilla\firefox\profiles\ehts8irv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.03 02:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.03 02:01:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.04.03 02:01:55 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.25 23:27:36 | 000,119,808 | ---- | M] (Google) -- C:\Program Files (x86)\mozilla firefox\components\GoogleDesktopMozilla.dll
[2013.03.26 10:26:08 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.26 10:26:08 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.26 10:26:08 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.26 10:26:08 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2013.03.25 23:14:38 | 000,002,342 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml
[2013.03.26 10:26:08 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.25 23:14:38 | 000,001,273 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.26 10:26:08 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
[2013.03.25 23:14:38 | 000,000,899 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - Extension: No name found = C:\Users\NS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.5_0\

O1 HOSTS File: ([2013.04.10 17:25:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Soda PDF 5 IE Helper) - {C737F472-1193-4281-BF53-A00B67AB3E19} - C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll (LULU Software) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Soda PDF 5 IE Toolbar) - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files (x86)\Soda PDF 5\PDFIEPlugin.dll (LULU Software) O3:64bit: - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) 
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) 
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-603655822-4240508136-1539065088-1000..\Run: [Power2GoExpress] NA File not found O4 - HKU\S-1-5-21-603655822-4240508136-1539065088-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-603655822-4240508136-1539065088-1001..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) O4 - HKU\S-1-5-21-603655822-4240508136-1539065088-1001..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - HKU\S-1-5-21-603655822-4240508136-1539065088-1001..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - HKU\S-1-5-21-603655822-4240508136-1539065088-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\NS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DatenLeiste.doc - Verknüpfung.lnk = D:\PRIV\System\DatenLeiste.doc () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-603655822-4240508136-1539065088-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-603655822-4240508136-1539065088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - 
HKU\S-1-5-21-603655822-4240508136-1539065088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 
Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - 
C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - 
C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-603655822-4240508136-1539065088-1001\..Trusted Ranges: GD ([http] in Local intranet) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F5DF9EE-DB20-4D5F-824A-44184399E846}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED31E5C8-796E-426C-975C-2DA0D44533A5}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp 
{79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\res 
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft 
Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - 
Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - 
(SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.) 
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.10 23:23:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.10 23:22:43 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.10 23:01:00 | 000,551,587 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\NS\Desktop\JRT.exe [2013.04.10 21:58:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.10 17:01:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.10 17:01:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.10 17:01:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.10 17:01:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.10 17:00:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.10 17:00:28 | 005,050,592 | R--- | C] (Swearware) -- C:\Users\NS\Desktop\ComboFix.exe [2013.04.09 00:32:27 | 000,000,000 | ---D | C] -- C:\Users\NS\Desktop\mbar-1.01.0.1022 [2013.04.09 00:06:50 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\NS\Desktop\tdsskiller.exe [2013.04.09 00:06:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\NS\Desktop\aswMBR.exe [2013.04.06 21:38:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\NS\Desktop\OTL.exe [2013.04.05 17:54:48 | 000,000,000 | ---D | C] -- C:\Users\NS\AppData\Roaming\Malwarebytes [2013.04.05 17:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.05 17:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.05 17:54:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.05 17:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.05 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\NS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan [2013.04.05 17:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.04.05 17:22:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013.04.03 12:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPacket [2013.04.03 12:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerPacket [2013.04.03 
12:21:17 | 000,000,000 | ---D | C] -- C:\Users\NS\Documents\Soda PDF 5 Files [2013.04.03 12:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF 5 [2013.04.03 12:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Soda PDF 5 [2013.04.03 12:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Soda PDF 5 [2013.04.03 12:17:50 | 000,000,000 | ---D | C] -- C:\Users\NS\AppData\Roaming\PDF Software [2013.04.03 02:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.02 03:02:28 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.04.02 03:02:28 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.04.02 03:02:28 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.04.02 03:02:27 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.04.02 03:02:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.04.02 03:02:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.04.02 03:02:27 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.04.02 03:02:27 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.02 03:02:27 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.04.02 03:02:27 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.04.02 03:02:27 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.02 03:02:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.02 03:02:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.04.02 03:02:26 | 001,441,280 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.02 03:02:26 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.04.02 03:02:26 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.02 03:02:26 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.04.02 03:02:26 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.02 03:02:26 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.04.02 03:02:26 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.02 03:02:26 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.04.02 03:02:26 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.04.02 03:02:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.02 03:02:26 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.04.02 03:02:26 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.04.02 03:02:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.04.02 03:02:26 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.02 03:02:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.04.02 03:02:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.02 03:02:26 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.04.02 03:02:26 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.04.02 03:02:25 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.02 
03:02:25 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.04.02 03:02:25 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.04.02 03:02:25 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.04.02 03:02:25 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.02 03:02:25 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.02 03:02:25 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.04.02 03:02:25 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.04.02 03:02:25 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.04.02 03:02:25 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.02 03:02:25 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.04.02 03:02:25 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.04.02 03:02:25 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.04.02 03:02:25 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.04.02 03:02:25 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.04.02 03:02:25 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.02 03:02:25 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.02 03:02:25 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.04.02 03:02:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.02 03:02:25 | 000,051,712 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ie4uinit.exe [2013.04.02 03:02:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.02 03:02:25 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.04.02 03:02:24 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.02 03:02:24 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.02 03:02:24 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.02 03:02:24 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.02 03:02:24 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.04.02 03:02:24 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.02 03:02:24 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.04.02 03:02:24 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.04.02 03:02:24 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.04.02 03:02:24 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.04.02 03:02:24 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.04.02 03:02:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.04.02 03:02:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.04.02 03:02:24 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.04.02 03:02:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.26 14:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.26 
10:26:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO [2013.03.25 23:15:27 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll [2013.03.25 23:14:38 | 000,000,000 | ---D | C] -- C:\Users\NS\AppData\Roaming\Opera [2013.03.25 23:11:29 | 000,000,000 | ---D | C] -- C:\Users\NS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView [2013.03.25 23:11:29 | 000,000,000 | ---D | C] -- C:\Users\NS\AppData\Roaming\IrfanView [2013.03.25 23:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView [2013.03.25 22:39:46 | 004,546,560 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr [2013.03.16 21:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CI+ HD Channel Editor [2013.03.16 21:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CI+ HD Channel Editor [2013.03.14 18:31:59 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys [2013.03.14 18:31:59 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.13 15:56:07 | 000,000,000 | ---D | C] -- C:\Users\NS\AppData\Roaming\WebApp [2013.03.13 12:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.03.12 12:03:49 | 000,000,000 | ---D | C] -- C:\Users\NS\AppData\Roaming\YCanPDF [2013.03.12 12:03:49 | 000,000,000 | ---D | C] -- C:\output [2013.03.12 12:02:44 | 000,000,000 | ---D | C] -- C:\PDFToExcelConverter [2007.08.08 15:40:18 | 000,026,656 | ---- | C] (Intellon, Inc.) -- C:\Users\NS\AppData\Roaming\PLCND532.sys [2007.08.08 15:39:44 | 000,040,992 | ---- | C] (Intellon, Inc.) 
-- C:\Users\NS\AppData\Roaming\PLCND564.sys [2005.10.11 09:01:08 | 000,122,880 | ---- | C] (Intellon) -- C:\Users\NS\AppData\Roaming\PowerPacket Utility.exe ========== Files - Modified Within 30 Days ========== [2013.04.10 23:44:30 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.10 23:44:30 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.10 23:37:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.10 23:36:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.10 23:36:06 | 2073,456,639 | -HS- | M] () -- C:\hiberfil.sys [2013.04.10 23:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.10 23:08:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.10 23:00:02 | 000,551,587 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\NS\Desktop\JRT.exe [2013.04.10 22:57:47 | 000,613,083 | ---- | M] () -- C:\Users\NS\Desktop\adwcleaner.exe [2013.04.10 22:03:46 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.10 22:03:46 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.10 22:03:46 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.10 22:03:46 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.10 22:03:46 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.10 17:25:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.04.10 16:52:52 | 005,050,592 | R--- | M] (Swearware) -- C:\Users\NS\Desktop\ComboFix.exe [2013.04.09 17:07:17 | 913,316,291 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.09 00:29:54 | 000,000,512 | ---- | M] () -- C:\Users\NS\Desktop\MBR.dat [2013.04.09 00:04:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\NS\Desktop\tdsskiller.exe [2013.04.09 00:03:26 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\NS\Desktop\aswMBR.exe [2013.04.09 00:00:19 | 012,894,739 | ---- | M] () -- C:\Users\NS\Desktop\mbar-1.01.0.1022.zip [2013.04.06 21:59:28 | 000,377,856 | ---- | M] () -- C:\Users\NS\Desktop\gmer_2.1.19163.exe [2013.04.06 21:38:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NS\Desktop\OTL.exe [2013.04.06 21:37:25 | 000,000,000 | ---- | M] () -- C:\Users\NS\defogger_reenable [2013.04.06 21:03:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.05 17:22:49 | 000,001,081 | ---- | M] () -- C:\Users\NS\Desktop\Kaspersky Security Scan.lnk [2013.04.03 12:57:30 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\PowerPacket Utility.lnk [2013.04.03 12:22:42 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Soda PDF 5.lnk [2013.04.02 03:02:28 | 001,054,720 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.04.02 03:02:28 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.04.02 03:02:28 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.04.02 03:02:28 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.02 03:02:27 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.04.02 03:02:27 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.04.02 03:02:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.04.02 03:02:27 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.04.02 03:02:27 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.02 03:02:27 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.04.02 03:02:27 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.04.02 03:02:27 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.02 03:02:27 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.04.02 03:02:26 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.02 03:02:26 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.04.02 03:02:26 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.02 03:02:26 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.04.02 03:02:26 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.02 03:02:26 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.04.02 03:02:26 | 
000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.02 03:02:26 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.04.02 03:02:26 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.04.02 03:02:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.02 03:02:26 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.04.02 03:02:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.04.02 03:02:26 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.04.02 03:02:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.02 03:02:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.04.02 03:02:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.02 03:02:26 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.02 03:02:26 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.04.02 03:02:26 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.04.02 03:02:25 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.02 03:02:25 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.04.02 03:02:25 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.04.02 03:02:25 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.04.02 03:02:25 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.02 03:02:25 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll 
[2013.04.02 03:02:25 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.04.02 03:02:25 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.04.02 03:02:25 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.04.02 03:02:25 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.02 03:02:25 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.04.02 03:02:25 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.04.02 03:02:25 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.04.02 03:02:25 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.04.02 03:02:25 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.04.02 03:02:25 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.02 03:02:25 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.02 03:02:25 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.04.02 03:02:25 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.02 03:02:25 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.02 03:02:25 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.02 03:02:25 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.04.02 03:02:25 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.02 03:02:24 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.02 03:02:24 | 000,855,552 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\jscript.dll [2013.04.02 03:02:24 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.02 03:02:24 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.02 03:02:24 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.04.02 03:02:24 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.02 03:02:24 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.04.02 03:02:24 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.04.02 03:02:24 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.04.02 03:02:24 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.04.02 03:02:24 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.04.02 03:02:24 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.04.02 03:02:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.04.02 03:02:24 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.04.02 03:02:24 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.26 14:12:42 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.26 01:43:42 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.03.25 23:15:36 | 000,114,688 | ---- | M] () -- C:\Windows\SysNative\crzptxml.exe [2013.03.25 23:11:29 | 000,001,894 | ---- | M] () -- C:\Users\NS\Desktop\IrfanView Thumbnails.lnk [2013.03.25 23:11:29 | 000,001,002 | ---- | M] () -- C:\Users\NS\Desktop\IrfanView.lnk [2013.03.25 22:39:46 | 004,546,560 | ---- | M] (Google Inc.) 
-- C:\Windows\SysWow64\GPhotos.scr [2013.03.19 13:47:11 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.03.18 16:00:53 | 001,064,872 | ---- | M] () -- C:\Users\NS\Documents\CHANLIS2.BIN [2013.03.15 20:13:20 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\Joe.lnk [2013.03.13 12:12:49 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 12:12:49 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.04.10 22:58:39 | 000,613,083 | ---- | C] () -- C:\Users\NS\Desktop\adwcleaner.exe [2013.04.10 17:01:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.10 17:01:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.10 17:01:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.10 17:01:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.10 17:01:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.09 17:07:17 | 913,316,291 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.09 00:29:54 | 000,000,512 | ---- | C] () -- C:\Users\NS\Desktop\MBR.dat [2013.04.09 00:06:18 | 012,894,739 | ---- | C] () -- C:\Users\NS\Desktop\mbar-1.01.0.1022.zip [2013.04.06 21:59:57 | 000,377,856 | ---- | C] () -- C:\Users\NS\Desktop\gmer_2.1.19163.exe [2013.04.06 21:37:25 | 000,000,000 | ---- | C] () -- C:\Users\NS\defogger_reenable [2013.04.05 17:54:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.05 17:22:57 | 000,001,081 | ---- | C] () -- C:\Users\NS\Desktop\Kaspersky Security Scan.lnk [2013.04.03 20:50:32 | 000,322,560 | ---- | C] () -- C:\Users\NS\Desktop\TREESIZE.EXE [2013.04.03 12:57:30 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\PowerPacket Utility.lnk [2013.04.03 12:22:42 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Soda PDF 5.lnk [2013.04.02 03:02:26 | 
000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.02 03:02:25 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.26 14:12:42 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.25 23:17:14 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.03.25 23:15:35 | 000,114,688 | ---- | C] () -- C:\Windows\SysNative\crzptxml.exe [2013.03.25 23:15:28 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2013.03.25 23:11:29 | 000,001,894 | ---- | C] () -- C:\Users\NS\Desktop\IrfanView Thumbnails.lnk [2013.03.25 23:11:29 | 000,001,002 | ---- | C] () -- C:\Users\NS\Desktop\IrfanView.lnk [2013.03.19 13:47:11 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.03.19 12:50:50 | 000,002,054 | R--- | C] () -- C:\Users\NS\Desktop\HandyEmpfan_Sony PC Companion 2.1.lnk [2013.03.18 15:38:34 | 001,064,872 | ---- | C] () -- C:\Users\NS\Documents\CHANLIS2.BIN [2012.10.27 23:41:19 | 000,000,880 | ---- | C] () -- C:\Windows\wiso.ini [2012.04.27 23:13:13 | 000,007,613 | ---- | C] () -- C:\Users\NS\AppData\Local\Resmon.ResmonCfg [2012.02.27 11:39:59 | 000,015,428 | ---- | C] () -- C:\Users\NS\RefEdit.exd [2012.02.26 01:17:56 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.25 20:49:18 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.02.25 02:05:28 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2012.02.25 02:05:28 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2012.02.25 02:05:28 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2012.02.25 02:05:28 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2012.02.25 02:05:28 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2012.02.24 23:58:03 | 004,244,744 | ---- | C] () -- C:\Windows\SysWow64\qtp-mt334.dll [2012.02.24 23:58:03 | 000,247,560 | ---- | C] () -- 
C:\Windows\SysWow64\prgiso.dll [2012.02.24 23:58:03 | 000,013,576 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll [2012.02.24 22:34:34 | 000,000,042 | ---- | C] () -- C:\Windows\HBUser.ini [2012.02.24 20:48:39 | 000,017,408 | ---- | C] () -- C:\Users\NS\AppData\Local\WebpageIcons.db [2012.02.14 19:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.02.14 19:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.02.14 19:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.02.14 18:59:56 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.10.17 15:18:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.10.17 04:36:08 | 000,322,880 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2007.05.14 08:45:24 | 000,001,181 | ---- | C] () -- C:\Users\NS\AppData\Roaming\PLCLIB32.INI [2004.04.26 11:43:30 | 000,016,001 | ---- | C] () -- C:\Users\NS\AppData\Roaming\PLCNDIS3.VXD ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.26 13:45:16 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\APP_NAME_NON_STRING [2012.06.27 13:12:21 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\Ashampoo [2012.11.02 18:03:33 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\Buhl Data Service [2012.12.09 20:08:13 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\canon [2012.02.26 22:38:51 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\Canon_Inc_IC [2013.01.19 21:23:24 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\FreeCommander [2012.08.31 19:04:54 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\FreeFileSync [2012.12.25 14:51:22 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\FreeVideoConverter [2012.02.26 16:26:01 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\Hulubulu [2013.03.25 23:11:29 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\IrfanView [2012.08.29 00:00:11 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\Leadertech [2012.11.02 01:40:44 | 000,000,000 | ---D | M] -- 
C:\Users\NS\AppData\Roaming\LibreOffice
[2013.03.25 23:14:38 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\Opera
[2012.11.26 14:34:13 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\PDF Architect
[2013.04.03 12:25:47 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\PDF Software
[2012.08.12 21:32:57 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\Sony
[2012.02.24 22:16:32 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\T-Online
[2012.02.26 01:40:52 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\Thunderbird
[2012.11.26 13:46:55 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\TuneUp Software
[2013.03.13 15:56:07 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\WebApp
[2013.03.12 12:03:49 | 000,000,000 | ---D | M] -- C:\Users\NS\AppData\Roaming\YCanPDF
========== Purity Check ==========
< End of report >
11.04.2013, 10:09 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost through. As a check, please run a Quickscan with Malwarebytes; remember to update Malwarebytes via the update button first. Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags
11.04.2013, 22:43 | #15 |
| Hello cosinus, the Quickscan with Malwarebytes found no infection (but that was already the case at the start!). The scan with ESET found a total of 7 objects, none of them on the system drive! 4 hits on drive D: (the data drive), 3 of them "Win32/HackTool.Gendel.A trojan", which have probably been dormant there for a long time. These actually come from a trustworthy source (InsectIS - Entomofaunistisches Informationssystem - this system is used by many entomologists to record butterfly sightings). Quite a while ago I tried to install the system (an Access database system) on my old XP notebook, but never got it to run. Since then the installation routines have been dormant on my machines. Can you tell me what this virus does, so that I can contact the author with specifics, or could this be a false positive by the virus scanner? Then one more "multiple threats" ac=I fn="D:\D\Install\dvrsetup.exe". Created: 17.02.2009, last accessed: 25.02.12. Description: Digital Video Repair, repair of AVI video files, hxxp://www.risingresearch.com/en/dvr/ Since the last-accessed date is from exactly the time I bought this notebook, it could well be that I caught the virus with this program right away, but it is also possible that the program was only meant for my old XP notebook. Then there is drive J: - the Windows system backup disk! Originally I had not thought of it, but it was actually obvious that the viruses would also be carried over into the Windows backup. Nothing was found on my remaining backup disks. How should I proceed? The system now seems to be OK so far. I would now delete the complete InsectIS folder as well as the file dvrsetup.exe from my data drive.
I would delete the Windows backup completely, reformat the disk and re-enable the backup. On Notebook2 I would also completely reformat the system partition, clone this repaired partition and reinstall the 2 additional programs. Then run ESET once more on the new system, and if no further detections come up I would assume that the problem is fixed for now. What puzzles me a little is that on the backup disk ESET only found the installer programs but no infection in the system. The last (automatic) backup is from 7.4.13 21:34. Best regards, Norbert PS: It took forever until ESET was done. Especially the complete system and data backup disk (USB) did not want to finish. I have not uninstalled ESET yet either, in case we need it again. Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b3d0eb1322de364889790f2416adb28f
# engine=13597
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-11 08:36:31
# local_time=2013-04-11 10:36:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 35503746 117342441 0 0
# scanned=886711
# found=7
# cleaned=0
# scan_time=34476
sh=EE0378FAC46B9CCBAA09D6B9115A9BAD740BED3D ft=0 fh=0000000000000000 vn="Win32/HackTool.Gendel.A trojan" ac=I fn="D:\bilder\Artenfinder\Auswertungen\InsectIS\insectis89.zip"
sh=54183157469A030B362BB6D5D6E3B56315D6C0E8 ft=1 fh=93f79e2d0ef07e99 vn="Win32/HackTool.Gendel.A trojan" ac=I fn="D:\bilder\Artenfinder\Auswertungen\InsectIS\insectis89\temp\ius_x32.ex_"
sh=54183157469A030B362BB6D5D6E3B56315D6C0E8 ft=1 fh=93f79e2d0ef07e99 vn="Win32/HackTool.Gendel.A trojan" ac=I fn="D:\bilder\Artenfinder\Auswertungen\InsectIS\setup\gendel32.ex_"
sh=CDE3F1FCB41A2239C7E8C328015DACB7758A1584 ft=1 fh=1f60bc031aac20ee vn="multiple threats" ac=I fn="D:\D\Install\dvrsetup.exe"
sh=2A398810F1DB804065D1CE777375FB57DFF5AB83 ft=0 fh=0000000000000000 vn="Win32/HackTool.Gendel.A trojan" ac=I fn="J:\NS_MD98920\Backup Set 2012-12-30 190005\Backup Files 2012-12-30 190005\Backup files 219.zip"
sh=2FF1CAC43812962CB9F2DB07D6129BE7FECF1BD9 ft=0 fh=0000000000000000 vn="Win32/HackTool.Gendel.A trojan" ac=I fn="J:\NS_MD98920\Backup Set 2012-12-30 190005\Backup Files 2012-12-30 190005\Backup files 33.zip"
sh=1591AE4389BE686CDB1D195850605FF16B4DFC35 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="J:\NS_MD98920\Backup Set 2012-12-30 190005\Backup Files 2012-12-30 190005\Backup files 37.zip"
|
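As an added example (not part of this thread or of ESET's own tooling), a small Python parser for the ESET Online Scanner log layout posted above: it reads the "# key=value" header and the "sh=... fn=..." finding lines, tallies hits per drive and per verdict, flags anything sitting in a backup set, and cross-checks the count against "# found=". The hashes and paths in the embedded sample are constructed; only the layout follows the real log.

```python
import re
from collections import Counter

# Constructed sample in the ESET Online Scanner log layout from the thread.
# Hashes and paths are made up; only the line format matches the real log.
SAMPLE_LOG = """\
# version=8
# scanned=886711
# found=3
# cleaned=0
sh=0123456789abcdef0123456789abcdef01234567 ft=0 fh=0000000000000000 vn="Win32/HackTool.Gendel.A trojan" ac=I fn="D:\\Install\\tool.zip"
sh=fedcba9876543210fedcba9876543210fedcba98 ft=1 fh=93f79e2d0ef07e99 vn="multiple threats" ac=I fn="D:\\Install\\setup.exe"
sh=abcdefabcdefabcdefabcdefabcdefabcdefabcd ft=0 fh=0000000000000000 vn="Win32/HackTool.Gendel.A trojan" ac=I fn="J:\\Backup Set\\Backup files 1.zip"
"""

FINDING_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\w+) fn="(?P<path>[^"]*)"$'
)

def parse_eset_log(text):
    """Return (header dict, list of finding dicts) from an ESET scanner log."""
    header, findings = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")   # split on the first '='
            header[key] = value
        elif line.startswith("sh="):
            m = FINDING_RE.match(line)
            if not m:
                raise ValueError("unrecognised finding line: " + line)
            f = m.groupdict()
            f["drive"] = f["path"][:2].upper()        # e.g. "D:" or "J:"
            findings.append(f)
    return header, findings

def summarize(header, findings):
    """Tally findings per drive and verdict; check the '# found=' header."""
    return {
        "consistent": int(header.get("found", -1)) == len(findings),
        "per_drive": dict(Counter(f["drive"] for f in findings)),
        "per_verdict": dict(Counter(f["name"] for f in findings)),
        # backups copy whatever sat on the source volume, so list them
        "in_backup": [f["path"] for f in findings if "Backup" in f["path"]],
    }

if __name__ == "__main__":
    print(summarize(*parse_eset_log(SAMPLE_LOG)))
```

Feed it the real log text instead of SAMPLE_LOG to get the same per-drive breakdown the post describes (4 hits on D:, 3 in the J: backup set).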