| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Problem mit der Windows 7 FirewallWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.04.2013, 12:21
| #1 |
 |  Problem mit der Windows 7 Firewall Hallo, Das ist hier mein erstes Thema und ich hoffe, dass das hier das richtige Forum ist. Nun zu meinem Problem. Als ich gestern meinen PC startete, bemerkte ich, dass er viel länger zum hochfahren braucht als sonst. Ok, da dachte ich mir nichts schlimmes. Als er endlich hochgefahren war, musste ich festellen, dass kein Internet Anschluss verfügbar ist. (Dies schreibe ich auf einen anderen Rechner, wo alles noch im Butter ist.) Dann kam eine Meldung, dass die Firewall deaktiviert ist. Ich klickte darauf, wollte sie aktivieren. Dies ging nicht und ich klickte auf "manuell aktivieren". Dies führte auch zu keinem Erfolg, sie ist nicht aktivierbar. Selbst eine .bat Datei führt zu keinem Erfolg, ich vermute einen Virus. D: So, dass war mein Problem und nun zu ein paar Fakten zu meinem problematischem PC: Windows 7 Home Premium, 32 Bit. Antivierenprogramm AVG 2013. Ich kann jederzeit von diesem Rechner Programme auf meinem problematischem PC ziehen. Ich hoffe es ist mehr oder wenig verständlich, was ich hier verfasst habe. Eine Bitte habe ich noch, wenn ihr mir helfen wollt, schreibt bitte, bitte nicht in einer "Fachsprache" und erklärt mir am besten Schritt für Schritt was ich genau mechen muss, dankeschön. LG |
|
20.04.2013, 14:32
| #2 |
| /// TB-Ausbilder  | Problem mit der Windows 7 Firewall!! Hinweis an Mitlesende !! Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht. Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.  Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:  Bitte lesen:Regeln für die Bereinigung
Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Laufwerksemulationen abschalten mit Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop und starte es: Schritt 2: Scan mit aswMBR Downloade dir bitte Schritt 3: Scan mit dem TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte Schritt 4: Scan mit DDS+ (mit attach) Downloade dir bitte DDS (von sUBs) und speichere die Datei auf deinem Desktop.
__________________ |
|
20.04.2013, 17:11
| #3 |
| | Problem mit der Windows 7 Firewall Hallo!
__________________Erstmal danke für deine schnelle Hilfe! So jetzt mal zu den ganzen Logfiles. Als erstes die vom defogger Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:40 on 20/04/2013 (admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-20 17:41:31
-----------------------------
17:41:31.216 OS Version: Windows 6.1.7601 Service Pack 1
17:41:31.216 Number of processors: 2 586 0xF0B
17:41:31.216 ComputerName: ADMIN-PC UserName: admin
17:41:33.463 Initialize success
17:41:41.029 AVAST engine download error: 0
17:41:41.029 AVAST engine error: 10107
17:41:48.470 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:41:48.470 Disk 0 Vendor: ST9160412AS 0002SDM1 Size: 152627MB BusType: 3
17:41:48.626 Disk 0 MBR read successfully
17:41:48.642 Disk 0 MBR scan
17:41:48.642 Disk 0 Windows 7 default MBR code
17:41:48.657 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:41:48.673 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
17:41:48.673 Disk 0 scanning sectors +312578048
17:41:48.782 Disk 0 scanning C:\Windows\system32\drivers
17:41:57.034 Service scanning
17:42:14.085 Modules scanning
17:42:25.068 Disk 0 trace - called modules:
17:42:25.099 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
17:42:25.099 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87661460]
17:42:25.099 3 CLASSPNP.SYS[8a9c959e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x875a3318]
17:42:25.114 Scan finished successfully
17:42:38.250 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
17:42:38.265 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"
Code:
ATTFilter 18:09:08.0287 3236 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:09:08.0302 3236 ============================================================
18:09:08.0302 3236 Current date / time: 2013/04/20 18:09:08.0302
18:09:08.0302 3236 SystemInfo:
18:09:08.0302 3236
18:09:08.0302 3236 OS Version: 6.1.7601 ServicePack: 1.0
18:09:08.0302 3236 Product type: Workstation
18:09:08.0302 3236 ComputerName: ADMIN-PC
18:09:08.0302 3236 UserName: admin
18:09:08.0302 3236 Windows directory: C:\Windows
18:09:08.0302 3236 System windows directory: C:\Windows
18:09:08.0302 3236 Processor architecture: Intel x86
18:09:08.0302 3236 Number of processors: 2
18:09:08.0302 3236 Page size: 0x1000
18:09:08.0302 3236 Boot type: Normal boot
18:09:08.0302 3236 ============================================================
18:09:09.0285 3236 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:09:09.0301 3236 ============================================================
18:09:09.0301 3236 \Device\Harddisk0\DR0:
18:09:09.0301 3236 MBR partitions:
18:09:09.0301 3236 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:09:09.0301 3236 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
18:09:09.0301 3236 ============================================================
18:09:09.0332 3236 C: <-> \Device\Harddisk0\DR0\Partition2
18:09:09.0332 3236 ============================================================
18:09:09.0332 3236 Initialize success
18:09:09.0332 3236 ============================================================
18:09:10.0268 3740 ============================================================
18:09:10.0268 3740 Scan started
18:09:10.0268 3740 Mode: Manual;
18:09:10.0268 3740 ============================================================
18:09:11.0032 3740 ================ Scan system memory ========================
18:09:11.0032 3740 System memory - ok
18:09:11.0032 3740 ================ Scan services =============================
18:09:11.0142 3740 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:09:11.0142 3740 1394ohci - ok
18:09:11.0188 3740 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:09:11.0188 3740 ACPI - ok
18:09:11.0204 3740 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:09:11.0204 3740 AcpiPmi - ok
18:09:11.0344 3740 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:09:11.0344 3740 AdobeARMservice - ok
18:09:11.0454 3740 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:09:11.0454 3740 AdobeFlashPlayerUpdateSvc - ok
18:09:11.0516 3740 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:09:11.0532 3740 adp94xx - ok
18:09:11.0547 3740 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:09:11.0547 3740 adpahci - ok
18:09:11.0563 3740 Scan interrupted by user!
18:09:11.0563 3740 ================ Scan global ===============================
18:09:11.0563 3740 Scan interrupted by user!
18:09:11.0563 3740 ================ Scan MBR ==================================
18:09:11.0563 3740 Scan interrupted by user!
18:09:11.0563 3740 ================ Scan VBR ==================================
18:09:11.0563 3740 Scan interrupted by user!
18:09:11.0563 3740 ============================================================
18:09:11.0563 3740 Scan finished
18:09:11.0563 3740 ============================================================
18:09:11.0563 4072 Detected object count: 0
18:09:11.0563 4072 Actual detected object count: 0
18:09:16.0227 3048 ============================================================
18:09:16.0227 3048 Scan started
18:09:16.0227 3048 Mode: Manual; SigCheck; TDLFS;
18:09:16.0227 3048 ============================================================
18:09:16.0633 3048 ================ Scan system memory ========================
18:09:16.0633 3048 System memory - ok
18:09:16.0648 3048 ================ Scan services =============================
18:09:16.0804 3048 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:09:16.0882 3048 1394ohci - ok
18:09:16.0898 3048 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:09:16.0914 3048 ACPI - ok
18:09:16.0929 3048 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:09:16.0929 3048 AcpiPmi - ok
18:09:17.0038 3048 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:09:17.0054 3048 AdobeARMservice - ok
18:09:17.0132 3048 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:09:17.0148 3048 AdobeFlashPlayerUpdateSvc - ok
18:09:17.0179 3048 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:09:17.0194 3048 adp94xx - ok
18:09:17.0226 3048 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:09:17.0257 3048 adpahci - ok
18:09:17.0272 3048 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:09:17.0288 3048 adpu320 - ok
18:09:17.0319 3048 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:09:17.0350 3048 AeLookupSvc - ok
18:09:17.0397 3048 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
18:09:17.0428 3048 AFD - ok
18:09:17.0444 3048 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
18:09:17.0460 3048 agp440 - ok
18:09:17.0491 3048 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
18:09:17.0506 3048 aic78xx - ok
18:09:17.0538 3048 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
18:09:17.0553 3048 ALG - ok
18:09:17.0584 3048 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
18:09:17.0600 3048 aliide - ok
18:09:17.0616 3048 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:09:17.0616 3048 amdagp - ok
18:09:17.0631 3048 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
18:09:17.0647 3048 amdide - ok
18:09:17.0678 3048 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:09:17.0694 3048 AmdK8 - ok
18:09:17.0709 3048 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:09:17.0725 3048 AmdPPM - ok
18:09:17.0756 3048 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:09:17.0772 3048 amdsata - ok
18:09:17.0787 3048 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:09:17.0803 3048 amdsbs - ok
18:09:17.0818 3048 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:09:17.0834 3048 amdxata - ok
18:09:17.0912 3048 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:09:17.0943 3048 AntiVirSchedulerService - ok
18:09:17.0959 3048 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:09:17.0974 3048 AntiVirService - ok
18:09:18.0021 3048 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
18:09:18.0037 3048 AppID - ok
18:09:18.0084 3048 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:09:18.0115 3048 AppIDSvc - ok
18:09:18.0146 3048 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
18:09:18.0193 3048 Appinfo - ok
18:09:18.0240 3048 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
18:09:18.0255 3048 arc - ok
18:09:18.0271 3048 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:09:18.0286 3048 arcsas - ok
18:09:18.0396 3048 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:09:18.0427 3048 aspnet_state - ok
18:09:18.0458 3048 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:09:18.0489 3048 AsyncMac - ok
18:09:18.0536 3048 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
18:09:18.0536 3048 atapi - ok
18:09:18.0598 3048 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:09:18.0630 3048 AudioEndpointBuilder - ok
18:09:18.0645 3048 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:09:18.0676 3048 Audiosrv - ok
18:09:18.0879 3048 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
18:09:18.0973 3048 AVGIDSAgent - ok
18:09:19.0035 3048 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:09:19.0066 3048 avgntflt - ok
18:09:19.0098 3048 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
18:09:19.0113 3048 avgwd - ok
18:09:19.0144 3048 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:09:19.0160 3048 avipbb - ok
18:09:19.0176 3048 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:09:19.0176 3048 avkmgr - ok
18:09:19.0222 3048 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:09:19.0238 3048 AxInstSV - ok
18:09:19.0285 3048 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
18:09:19.0300 3048 b06bdrv - ok
18:09:19.0332 3048 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
18:09:19.0347 3048 b57nd60x - ok
18:09:19.0394 3048 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
18:09:19.0425 3048 BDESVC - ok
18:09:19.0425 3048 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
18:09:19.0456 3048 Beep - ok
18:09:19.0503 3048 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
18:09:19.0534 3048 BFE - ok
18:09:19.0566 3048 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
18:09:19.0612 3048 BITS - ok
18:09:19.0628 3048 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:09:19.0628 3048 blbdrive - ok
18:09:19.0659 3048 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:09:19.0675 3048 bowser - ok
18:09:19.0690 3048 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:09:19.0706 3048 BrFiltLo - ok
18:09:19.0722 3048 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:09:19.0737 3048 BrFiltUp - ok
18:09:19.0768 3048 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
18:09:19.0784 3048 Browser - ok
18:09:19.0800 3048 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:09:19.0815 3048 Brserid - ok
18:09:19.0831 3048 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:09:19.0846 3048 BrSerWdm - ok
18:09:19.0862 3048 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:09:19.0878 3048 BrUsbMdm - ok
18:09:19.0878 3048 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:09:19.0893 3048 BrUsbSer - ok
18:09:19.0909 3048 [ DB99076533FFB38CBEC8AC88E4535850 ] BthAvrcp C:\Windows\system32\DRIVERS\BthAvrcp.sys
18:09:19.0924 3048 BthAvrcp - ok
18:09:19.0971 3048 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
18:09:19.0987 3048 BthEnum - ok
18:09:20.0002 3048 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:09:20.0018 3048 BTHMODEM - ok
18:09:20.0034 3048 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:09:20.0049 3048 BthPan - ok
18:09:20.0080 3048 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
18:09:20.0096 3048 BTHPORT - ok
18:09:20.0127 3048 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
18:09:20.0158 3048 bthserv - ok
18:09:20.0158 3048 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
18:09:20.0174 3048 BTHUSB - ok
18:09:20.0205 3048 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:09:20.0236 3048 cdfs - ok
18:09:20.0299 3048 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:09:20.0330 3048 cdrom - ok
18:09:20.0361 3048 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
18:09:20.0392 3048 CertPropSvc - ok
18:09:20.0408 3048 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:09:20.0424 3048 circlass - ok
18:09:20.0439 3048 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
18:09:20.0455 3048 CLFS - ok
18:09:20.0486 3048 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:09:20.0502 3048 clr_optimization_v2.0.50727_32 - ok
18:09:20.0548 3048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:09:20.0564 3048 clr_optimization_v4.0.30319_32 - ok
18:09:20.0564 3048 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:09:20.0580 3048 CmBatt - ok
18:09:20.0595 3048 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:09:20.0611 3048 cmdide - ok
18:09:20.0642 3048 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
18:09:20.0658 3048 CNG - ok
18:09:20.0689 3048 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:09:20.0704 3048 Compbatt - ok
18:09:20.0720 3048 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:09:20.0736 3048 CompositeBus - ok
18:09:20.0751 3048 COMSysApp - ok
18:09:20.0767 3048 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:09:20.0782 3048 crcdisk - ok
18:09:20.0845 3048 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:09:20.0860 3048 CryptSvc - ok
18:09:20.0892 3048 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
18:09:20.0923 3048 DcomLaunch - ok
18:09:20.0954 3048 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
18:09:20.0970 3048 defragsvc - ok
18:09:21.0001 3048 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:09:21.0016 3048 DfsC - ok
18:09:21.0048 3048 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:09:21.0063 3048 Dhcp - ok
18:09:21.0079 3048 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
18:09:21.0094 3048 discache - ok
18:09:21.0157 3048 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:09:21.0204 3048 Disk - ok
18:09:21.0219 3048 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:09:21.0235 3048 Dnscache - ok
18:09:21.0266 3048 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
18:09:21.0282 3048 dot3svc - ok
18:09:21.0328 3048 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
18:09:21.0344 3048 Dot4 - ok
18:09:21.0391 3048 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:09:21.0422 3048 Dot4Print - ok
18:09:21.0438 3048 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
18:09:21.0453 3048 dot4usb - ok
18:09:21.0484 3048 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
18:09:21.0500 3048 DPS - ok
18:09:21.0547 3048 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:09:21.0547 3048 drmkaud - ok
18:09:21.0594 3048 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:09:21.0609 3048 DXGKrnl - ok
18:09:21.0640 3048 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
18:09:21.0656 3048 EapHost - ok
18:09:21.0781 3048 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
18:09:21.0828 3048 ebdrv - ok
18:09:21.0859 3048 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
18:09:21.0874 3048 EFS - ok
18:09:21.0921 3048 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:09:21.0968 3048 ehRecvr - ok
18:09:21.0984 3048 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
18:09:21.0999 3048 ehSched - ok
18:09:22.0015 3048 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:09:22.0030 3048 elxstor - ok
18:09:22.0062 3048 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:09:22.0077 3048 ErrDev - ok
18:09:22.0108 3048 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
18:09:22.0140 3048 EventSystem - ok
18:09:22.0171 3048 ew_hwusbdev - ok
18:09:22.0186 3048 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
18:09:22.0202 3048 exfat - ok
18:09:22.0233 3048 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:09:22.0264 3048 fastfat - ok
18:09:22.0311 3048 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
18:09:22.0342 3048 Fax - ok
18:09:22.0358 3048 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:09:22.0358 3048 fdc - ok
18:09:22.0374 3048 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
18:09:22.0405 3048 fdPHost - ok
18:09:22.0436 3048 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
18:09:22.0483 3048 FDResPub - ok
18:09:22.0498 3048 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:09:22.0514 3048 FileInfo - ok
18:09:22.0545 3048 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:09:22.0576 3048 Filetrace - ok
18:09:22.0592 3048 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:09:22.0608 3048 flpydisk - ok
18:09:22.0623 3048 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:09:22.0639 3048 FltMgr - ok
18:09:22.0686 3048 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
18:09:22.0732 3048 FontCache - ok
18:09:22.0779 3048 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:09:22.0795 3048 FontCache3.0.0.0 - ok
18:09:22.0810 3048 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:09:22.0826 3048 FsDepends - ok
18:09:22.0842 3048 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:09:22.0857 3048 Fs_Rec - ok
18:09:22.0904 3048 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:09:22.0920 3048 fvevol - ok
18:09:22.0935 3048 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:09:22.0951 3048 gagp30kx - ok
18:09:22.0982 3048 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
18:09:23.0013 3048 gpsvc - ok
18:09:23.0029 3048 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:09:23.0029 3048 hcw85cir - ok
18:09:23.0091 3048 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:09:23.0122 3048 HdAudAddService - ok
18:09:23.0154 3048 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:09:23.0169 3048 HDAudBus - ok
18:09:23.0185 3048 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:09:23.0200 3048 HidBatt - ok
18:09:23.0216 3048 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:09:23.0247 3048 HidBth - ok
18:09:23.0263 3048 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:09:23.0294 3048 HidIr - ok
18:09:23.0310 3048 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
18:09:23.0325 3048 hidserv - ok
18:09:23.0356 3048 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:09:23.0372 3048 HidUsb - ok
18:09:23.0403 3048 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:09:23.0419 3048 hkmsvc - ok
18:09:23.0450 3048 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:09:23.0466 3048 HomeGroupListener - ok
18:09:23.0497 3048 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:09:23.0512 3048 HomeGroupProvider - ok
18:09:23.0590 3048 [ 08457D8F8149757C70CEA59C71EC5D27 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:09:23.0606 3048 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
18:09:23.0606 3048 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
18:09:23.0637 3048 [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:09:23.0637 3048 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
18:09:23.0637 3048 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
18:09:23.0684 3048 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:09:23.0700 3048 HpSAMD - ok
18:09:23.0793 3048 [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
18:09:23.0824 3048 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
18:09:23.0824 3048 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
18:09:23.0887 3048 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:09:23.0934 3048 HTTP - ok
18:09:23.0965 3048 huawei_cdcacm - ok
18:09:23.0965 3048 huawei_enumerator - ok
18:09:23.0980 3048 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:09:23.0996 3048 hwpolicy - ok
18:09:24.0043 3048 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:09:24.0074 3048 i8042prt - ok
18:09:24.0105 3048 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:09:24.0136 3048 iaStorV - ok
18:09:24.0183 3048 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:09:24.0199 3048 idsvc - ok
18:09:24.0339 3048 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:09:24.0402 3048 igfx - ok
18:09:24.0464 3048 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:09:24.0495 3048 iirsp - ok
18:09:24.0526 3048 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
18:09:24.0573 3048 IKEEXT - ok
18:09:24.0589 3048 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
18:09:24.0589 3048 intelide - ok
18:09:24.0636 3048 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:09:24.0636 3048 intelppm - ok
18:09:24.0682 3048 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:09:24.0698 3048 IPBusEnum - ok
18:09:24.0714 3048 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:09:24.0745 3048 IpFilterDriver - ok
18:09:24.0807 3048 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:09:24.0823 3048 iphlpsvc - ok
18:09:24.0838 3048 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:09:24.0854 3048 IPMIDRV - ok
18:09:24.0870 3048 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:09:24.0901 3048 IPNAT - ok
18:09:24.0932 3048 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:09:24.0948 3048 IRENUM - ok
18:09:24.0963 3048 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:09:24.0963 3048 isapnp - ok
18:09:24.0994 3048 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:09:24.0994 3048 iScsiPrt - ok
18:09:25.0041 3048 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:09:25.0041 3048 kbdclass - ok
18:09:25.0088 3048 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:09:25.0119 3048 kbdhid - ok
18:09:25.0150 3048 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
18:09:25.0166 3048 KeyIso - ok
18:09:25.0197 3048 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:09:25.0197 3048 KSecDD - ok
18:09:25.0213 3048 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:09:25.0228 3048 KSecPkg - ok
18:09:25.0260 3048 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
18:09:25.0291 3048 KtmRm - ok
18:09:25.0322 3048 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
18:09:25.0353 3048 LanmanServer - ok
18:09:25.0400 3048 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:09:25.0416 3048 LHidFilt - ok
18:09:25.0462 3048 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:09:25.0509 3048 lltdio - ok
18:09:25.0525 3048 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:09:25.0556 3048 lltdsvc - ok
18:09:25.0572 3048 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
18:09:25.0603 3048 lmhosts - ok
18:09:25.0618 3048 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:09:25.0634 3048 LMouFilt - ok
18:09:25.0665 3048 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:09:25.0681 3048 LSI_FC - ok
18:09:25.0681 3048 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:09:25.0696 3048 LSI_SAS - ok
18:09:25.0712 3048 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:09:25.0728 3048 LSI_SAS2 - ok
18:09:25.0743 3048 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:09:25.0759 3048 LSI_SCSI - ok
18:09:25.0774 3048 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
18:09:25.0806 3048 luafv - ok
18:09:25.0837 3048 [ DDFA88E36D5F8DB5FBDBDDDC4969DB0A ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
18:09:25.0837 3048 LUsbFilt - ok
18:09:25.0884 3048 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:09:25.0899 3048 MBAMProtector - ok
18:09:25.0930 3048 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:09:25.0946 3048 MBAMScheduler - ok
18:09:25.0977 3048 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:09:25.0993 3048 MBAMService - ok
18:09:26.0024 3048 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:09:26.0040 3048 Mcx2Svc - ok
18:09:26.0055 3048 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:09:26.0071 3048 megasas - ok
18:09:26.0102 3048 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:09:26.0118 3048 MegaSR - ok
18:09:26.0180 3048 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:09:26.0196 3048 Microsoft Office Groove Audit Service - ok
18:09:26.0227 3048 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
18:09:26.0258 3048 MMCSS - ok
18:09:26.0274 3048 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:09:26.0289 3048 Modem - ok
18:09:26.0336 3048 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:09:26.0352 3048 monitor - ok
18:09:26.0383 3048 [ 111A023266532C621EE69AE96E47081E ] MonitorFunction C:\Windows\system32\DRIVERS\TVMonitor.sys
18:09:26.0398 3048 MonitorFunction - ok
18:09:26.0445 3048 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:09:26.0476 3048 mouclass - ok
18:09:26.0492 3048 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:09:26.0492 3048 mouhid - ok
18:09:26.0523 3048 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:09:26.0539 3048 mountmgr - ok
18:09:26.0601 3048 [ 1C9B83F6A2D1F414F0ACD28D75605607 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:09:26.0632 3048 MozillaMaintenance - ok
18:09:26.0664 3048 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
18:09:26.0679 3048 mpio - ok
18:09:26.0679 3048 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:09:26.0710 3048 mpsdrv - ok
18:09:26.0742 3048 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:09:26.0773 3048 MpsSvc - ok
18:09:26.0788 3048 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:09:26.0804 3048 MRxDAV - ok
18:09:26.0851 3048 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:09:26.0866 3048 mrxsmb - ok
18:09:26.0882 3048 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:09:26.0898 3048 mrxsmb10 - ok
18:09:26.0913 3048 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:09:26.0929 3048 mrxsmb20 - ok
18:09:26.0944 3048 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
18:09:26.0960 3048 msahci - ok
18:09:26.0960 3048 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:09:26.0976 3048 msdsm - ok
18:09:26.0991 3048 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:09:27.0007 3048 MSDTC - ok
18:09:27.0054 3048 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:09:27.0085 3048 Msfs - ok
18:09:27.0085 3048 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:09:27.0116 3048 mshidkmdf - ok
18:09:27.0132 3048 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:09:27.0132 3048 msisadrv - ok
18:09:27.0163 3048 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:09:27.0194 3048 MSiSCSI - ok
18:09:27.0194 3048 msiserver - ok
18:09:27.0225 3048 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:09:27.0256 3048 MSKSSRV - ok
18:09:27.0256 3048 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:09:27.0288 3048 MSPCLOCK - ok
18:09:27.0319 3048 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:09:27.0350 3048 MSPQM - ok
18:09:27.0366 3048 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:09:27.0381 3048 MsRPC - ok
18:09:27.0381 3048 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:09:27.0397 3048 mssmbios - ok
18:09:27.0412 3048 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:09:27.0444 3048 MSTEE - ok
18:09:27.0444 3048 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:09:27.0459 3048 MTConfig - ok
18:09:27.0475 3048 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:09:27.0475 3048 Mup - ok
18:09:27.0506 3048 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
18:09:27.0537 3048 napagent - ok
18:09:27.0584 3048 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:09:27.0600 3048 NativeWifiP - ok
18:09:27.0678 3048 [ 5836B9E91863A00EC1B8E785EFD86ECB ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
18:09:27.0693 3048 NBService - ok
18:09:27.0724 3048 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:09:27.0756 3048 NDIS - ok
18:09:27.0787 3048 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:09:27.0802 3048 NdisCap - ok
18:09:27.0834 3048 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:09:27.0849 3048 NdisTapi - ok
18:09:27.0880 3048 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:09:27.0896 3048 Ndisuio - ok
18:09:27.0927 3048 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:09:27.0958 3048 NdisWan - ok
18:09:27.0974 3048 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:09:27.0990 3048 NDProxy - ok
18:09:28.0036 3048 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:09:28.0036 3048 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:09:28.0036 3048 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:09:28.0068 3048 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:09:28.0083 3048 NetBIOS - ok
18:09:28.0114 3048 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:09:28.0146 3048 NetBT - ok
18:09:28.0146 3048 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
18:09:28.0161 3048 Netlogon - ok
18:09:28.0224 3048 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:09:28.0255 3048 Netman - ok
18:09:28.0286 3048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:09:28.0302 3048 NetMsmqActivator - ok
18:09:28.0348 3048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:09:28.0364 3048 NetPipeActivator - ok
18:09:28.0395 3048 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:09:28.0426 3048 netprofm - ok
18:09:28.0458 3048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:09:28.0458 3048 NetTcpActivator - ok
18:09:28.0473 3048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:09:28.0489 3048 NetTcpPortSharing - ok
18:09:28.0614 3048 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
18:09:28.0676 3048 netw5v32 - ok
18:09:28.0723 3048 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:09:28.0738 3048 nfrd960 - ok
18:09:28.0785 3048 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
18:09:28.0832 3048 NlaSvc - ok
18:09:28.0910 3048 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
18:09:28.0926 3048 NMIndexingService - ok
18:09:28.0941 3048 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:09:28.0972 3048 Npfs - ok
18:09:28.0988 3048 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:09:29.0019 3048 nsi - ok
18:09:29.0035 3048 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:09:29.0066 3048 nsiproxy - ok
18:09:29.0113 3048 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:09:29.0144 3048 Ntfs - ok
18:09:29.0144 3048 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:09:29.0175 3048 Null - ok
18:09:29.0191 3048 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:09:29.0206 3048 nvraid - ok
18:09:29.0238 3048 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:09:29.0253 3048 nvstor - ok
18:09:29.0269 3048 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:09:29.0284 3048 nv_agp - ok
18:09:29.0331 3048 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:09:29.0362 3048 odserv - ok
18:09:29.0378 3048 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:09:29.0394 3048 ohci1394 - ok
18:09:29.0440 3048 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:09:29.0472 3048 ose - ok
18:09:29.0518 3048 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:09:29.0550 3048 p2pimsvc - ok
18:09:29.0565 3048 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:09:29.0581 3048 p2psvc - ok
18:09:29.0628 3048 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:09:29.0659 3048 Parport - ok
18:09:29.0674 3048 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:09:29.0690 3048 partmgr - ok
18:09:29.0706 3048 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:09:29.0721 3048 Parvdm - ok
18:09:29.0799 3048 PC Performer Manager - ok
18:09:29.0815 3048 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:09:29.0830 3048 PcaSvc - ok
18:09:29.0862 3048 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
18:09:29.0877 3048 pci - ok
18:09:29.0893 3048 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
18:09:29.0908 3048 pciide - ok
18:09:29.0924 3048 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:09:29.0940 3048 pcmcia - ok
18:09:29.0955 3048 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:09:29.0971 3048 pcw - ok
18:09:29.0986 3048 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:09:30.0018 3048 PEAUTH - ok
18:09:30.0080 3048 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
18:09:30.0111 3048 pla - ok
18:09:30.0174 3048 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:09:30.0205 3048 PlugPlay - ok
18:09:30.0252 3048 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:09:30.0252 3048 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:09:30.0252 3048 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:09:30.0283 3048 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:09:30.0283 3048 PNRPAutoReg - ok
18:09:30.0314 3048 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:09:30.0330 3048 PNRPsvc - ok
18:09:30.0345 3048 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:09:30.0376 3048 PolicyAgent - ok
18:09:30.0408 3048 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
18:09:30.0423 3048 Power - ok
18:09:30.0454 3048 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:09:30.0486 3048 PptpMiniport - ok
18:09:30.0517 3048 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:09:30.0532 3048 Processor - ok
18:09:30.0548 3048 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
18:09:30.0564 3048 ProfSvc - ok
18:09:30.0579 3048 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:09:30.0595 3048 ProtectedStorage - ok
18:09:30.0626 3048 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:09:30.0657 3048 Psched - ok
18:09:30.0688 3048 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:09:30.0735 3048 ql2300 - ok
18:09:30.0751 3048 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:09:30.0751 3048 ql40xx - ok
18:09:30.0782 3048 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:09:30.0798 3048 QWAVE - ok
18:09:30.0813 3048 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:09:30.0829 3048 QWAVEdrv - ok
18:09:30.0844 3048 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:09:30.0860 3048 RasAcd - ok
18:09:30.0891 3048 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:09:30.0907 3048 RasAgileVpn - ok
18:09:30.0922 3048 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:09:30.0954 3048 RasAuto - ok
18:09:30.0969 3048 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:09:30.0985 3048 Rasl2tp - ok
18:09:31.0032 3048 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
18:09:31.0078 3048 RasMan - ok
18:09:31.0094 3048 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:09:31.0110 3048 RasPppoe - ok
18:09:31.0125 3048 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:09:31.0156 3048 RasSstp - ok
18:09:31.0172 3048 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:09:31.0203 3048 rdbss - ok
18:09:31.0219 3048 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:09:31.0234 3048 rdpbus - ok
18:09:31.0250 3048 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:09:31.0266 3048 RDPCDD - ok
18:09:31.0297 3048 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:09:31.0328 3048 RDPENCDD - ok
18:09:31.0328 3048 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:09:31.0359 3048 RDPREFMP - ok
18:09:31.0390 3048 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:09:31.0390 3048 RDPWD - ok
18:09:31.0437 3048 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:09:31.0453 3048 rdyboost - ok
18:09:31.0468 3048 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:09:31.0500 3048 RemoteAccess - ok
18:09:31.0515 3048 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:09:31.0546 3048 RemoteRegistry - ok
18:09:31.0562 3048 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:09:31.0578 3048 RFCOMM - ok
18:09:31.0671 3048 [ 06A49B7BDC36CFBF97DD90804F833369 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
18:09:31.0702 3048 RichVideo - ok
18:09:31.0765 3048 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:09:31.0812 3048 RpcEptMapper - ok
18:09:31.0827 3048 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:09:31.0843 3048 RpcLocator - ok
18:09:31.0858 3048 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
18:09:31.0890 3048 RpcSs - ok
18:09:31.0952 3048 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:09:31.0999 3048 rspndr - ok
18:09:31.0999 3048 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
18:09:32.0014 3048 SamSs - ok
18:09:32.0061 3048 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:09:32.0077 3048 sbp2port - ok
18:09:32.0092 3048 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:09:32.0124 3048 SCardSvr - ok
18:09:32.0139 3048 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:09:32.0170 3048 scfilter - ok
18:09:32.0202 3048 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
18:09:32.0233 3048 Schedule - ok
18:09:32.0280 3048 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:09:32.0295 3048 SCPolicySvc - ok
18:09:32.0326 3048 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:09:32.0342 3048 SDRSVC - ok
18:09:32.0373 3048 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:09:32.0404 3048 secdrv - ok
18:09:32.0420 3048 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:09:32.0436 3048 seclogon - ok
18:09:32.0498 3048 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
18:09:32.0545 3048 SENS - ok
18:09:32.0576 3048 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:09:32.0607 3048 SensrSvc - ok
18:09:32.0638 3048 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:09:32.0654 3048 Serenum - ok
18:09:32.0685 3048 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:09:32.0701 3048 Serial - ok
18:09:32.0716 3048 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:09:32.0732 3048 sermouse - ok
18:09:32.0794 3048 [ 668043F192AB9659761A349A4703600D ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:09:32.0810 3048 ServiceLayer - ok
18:09:32.0841 3048 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
18:09:32.0872 3048 SessionEnv - ok
18:09:32.0904 3048 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:09:32.0904 3048 sffdisk - ok
18:09:32.0935 3048 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:09:32.0950 3048 sffp_mmc - ok
18:09:32.0966 3048 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:09:32.0966 3048 sffp_sd - ok
18:09:32.0982 3048 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:09:32.0997 3048 sfloppy - ok
18:09:33.0028 3048 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:09:33.0060 3048 SharedAccess - ok
18:09:33.0091 3048 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:09:33.0106 3048 ShellHWDetection - ok
18:09:33.0138 3048 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:09:33.0153 3048 sisagp - ok
18:09:33.0184 3048 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:09:33.0216 3048 SiSRaid2 - ok
18:09:33.0231 3048 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:09:33.0247 3048 SiSRaid4 - ok
18:09:33.0309 3048 [ 2F5AF9D91D51E832773D4A9EAF65CB33 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:09:33.0325 3048 SkypeUpdate - ok
18:09:33.0356 3048 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:09:33.0387 3048 Smb - ok
18:09:33.0434 3048 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:09:33.0450 3048 SNMPTRAP - ok
18:09:33.0465 3048 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:09:33.0465 3048 spldr - ok
18:09:33.0496 3048 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
18:09:33.0512 3048 Spooler - ok
18:09:33.0606 3048 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
18:09:33.0668 3048 sppsvc - ok
18:09:33.0684 3048 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:09:33.0699 3048 sppuinotify - ok
18:09:33.0871 3048 [ 1ED3834B42CD6ED09ACA29739EE55DC0 ] SProtection C:\Program Files\Common Files\Umbrella\umbrella.exe
18:09:33.0918 3048 SProtection - ok
18:09:33.0949 3048 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:09:33.0964 3048 srv - ok
18:09:33.0980 3048 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:09:33.0996 3048 srv2 - ok
18:09:34.0042 3048 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:09:34.0058 3048 SrvHsfHDA - ok
18:09:34.0089 3048 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
18:09:34.0105 3048 SrvHsfV92 - ok
18:09:34.0136 3048 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
18:09:34.0152 3048 SrvHsfWinac - ok
18:09:34.0183 3048 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:09:34.0198 3048 srvnet - ok
18:09:34.0214 3048 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:09:34.0245 3048 SSDPSRV - ok
18:09:34.0292 3048 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
18:09:34.0292 3048 ssmdrv - ok
18:09:34.0308 3048 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:09:34.0323 3048 SstpSvc - ok
18:09:34.0432 3048 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:09:34.0448 3048 stexstor - ok
18:09:34.0510 3048 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
18:09:34.0542 3048 StillCam - ok
18:09:34.0604 3048 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
18:09:34.0620 3048 StiSvc - ok
18:09:34.0635 3048 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
18:09:34.0651 3048 swenum - ok
18:09:34.0666 3048 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:09:34.0698 3048 swprv - ok
18:09:34.0744 3048 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
18:09:34.0760 3048 SysMain - ok
18:09:34.0776 3048 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:09:34.0807 3048 TabletInputService - ok
18:09:34.0854 3048 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
18:09:34.0885 3048 TapiSrv - ok
18:09:34.0900 3048 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:09:34.0932 3048 TBS - ok
18:09:35.0010 3048 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:09:35.0041 3048 Tcpip - ok
18:09:35.0103 3048 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:09:35.0134 3048 TCPIP6 - ok
18:09:35.0181 3048 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:09:35.0212 3048 tcpipreg - ok
18:09:35.0244 3048 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:09:35.0259 3048 TDPIPE - ok
18:09:35.0290 3048 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:09:35.0306 3048 TDTCP - ok
18:09:35.0322 3048 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:09:35.0353 3048 tdx - ok
18:09:35.0478 3048 [ 641500967E5E87CF026DF0193AB84EA7 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
18:09:35.0540 3048 TeamViewer7 - ok
18:09:35.0556 3048 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:09:35.0571 3048 TermDD - ok
18:09:35.0587 3048 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
18:09:35.0618 3048 TermService - ok
18:09:35.0634 3048 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
18:09:35.0649 3048 Themes - ok
18:09:35.0665 3048 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:09:35.0696 3048 THREADORDER - ok
18:09:35.0712 3048 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:09:35.0727 3048 TrkWks - ok
18:09:35.0774 3048 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:09:35.0821 3048 TrustedInstaller - ok
18:09:35.0836 3048 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:09:35.0852 3048 tssecsrv - ok
18:09:35.0899 3048 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:09:35.0930 3048 TsUsbFlt - ok
18:09:35.0961 3048 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:09:35.0992 3048 tunnel - ok
18:09:36.0008 3048 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:09:36.0024 3048 uagp35 - ok
18:09:36.0024 3048 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:09:36.0055 3048 udfs - ok
18:09:36.0070 3048 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:09:36.0086 3048 UI0Detect - ok
18:09:36.0117 3048 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:09:36.0133 3048 uliagpkx - ok
18:09:36.0164 3048 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:09:36.0180 3048 umbus - ok
18:09:36.0195 3048 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:09:36.0211 3048 UmPass - ok
18:09:36.0258 3048 [ 91263B03EF2E1C42A563ADB4C9A62E22 ] Update-Service C:\Windows\System32\UpdSvc.dll
18:09:36.0289 3048 Update-Service - ok
18:09:36.0304 3048 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
18:09:36.0336 3048 upnphost - ok
18:09:36.0367 3048 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:09:36.0382 3048 usbaudio - ok
18:09:36.0414 3048 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:09:36.0414 3048 usbccgp - ok
18:09:36.0429 3048 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:09:36.0445 3048 usbcir - ok
18:09:36.0492 3048 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:09:36.0523 3048 usbehci - ok
18:09:36.0570 3048 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:09:36.0585 3048 usbhub - ok
18:09:36.0616 3048 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:09:36.0632 3048 usbohci - ok
18:09:36.0648 3048 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:09:36.0663 3048 usbprint - ok
18:09:36.0679 3048 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:09:36.0694 3048 usbscan - ok
18:09:36.0741 3048 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\Windows\system32\drivers\usbser.sys
18:09:36.0772 3048 usbser - ok
18:09:36.0788 3048 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:09:36.0804 3048 USBSTOR - ok
18:09:36.0819 3048 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:09:36.0819 3048 usbuhci - ok
18:09:36.0835 3048 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
18:09:36.0866 3048 UxSms - ok
18:09:36.0882 3048 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
18:09:36.0897 3048 VaultSvc - ok
18:09:36.0928 3048 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:09:36.0944 3048 vdrvroot - ok
18:09:36.0975 3048 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
18:09:37.0006 3048 vds - ok
18:09:37.0038 3048 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:09:37.0038 3048 vga - ok
18:09:37.0053 3048 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:09:37.0084 3048 VgaSave - ok
18:09:37.0100 3048 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:09:37.0116 3048 vhdmp - ok
18:09:37.0147 3048 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:09:37.0162 3048 viaagp - ok
18:09:37.0178 3048 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
18:09:37.0178 3048 ViaC7 - ok
18:09:37.0194 3048 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
18:09:37.0209 3048 viaide - ok
18:09:37.0225 3048 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:09:37.0240 3048 volmgr - ok
18:09:37.0256 3048 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:09:37.0272 3048 volmgrx - ok
18:09:37.0318 3048 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:09:37.0365 3048 volsnap - ok
18:09:37.0396 3048 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:09:37.0412 3048 vsmraid - ok
18:09:37.0459 3048 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
18:09:37.0490 3048 VSS - ok
18:09:37.0506 3048 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:09:37.0521 3048 vwifibus - ok
18:09:37.0568 3048 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
18:09:37.0599 3048 W32Time - ok
18:09:37.0615 3048 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:09:37.0630 3048 WacomPen - ok
18:09:37.0693 3048 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files\Wajam\Updater\WajamUpdater.exe
18:09:37.0708 3048 WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
18:09:37.0708 3048 WajamUpdater - detected UnsignedFile.Multi.Generic (1)
18:09:37.0755 3048 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:09:37.0786 3048 WANARP - ok
18:09:37.0802 3048 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:09:37.0818 3048 Wanarpv6 - ok
18:09:37.0896 3048 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:09:37.0927 3048 WatAdminSvc - ok
18:09:37.0974 3048 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
18:09:38.0005 3048 wbengine - ok
18:09:38.0036 3048 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:09:38.0052 3048 WbioSrvc - ok
18:09:38.0083 3048 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:09:38.0114 3048 wcncsvc - ok
18:09:38.0114 3048 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:09:38.0130 3048 WcsPlugInService - ok
18:09:38.0161 3048 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:09:38.0176 3048 Wd - ok
18:09:38.0208 3048 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:09:38.0223 3048 Wdf01000 - ok
18:09:38.0239 3048 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:09:38.0254 3048 WdiServiceHost - ok
18:09:38.0254 3048 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:09:38.0286 3048 WdiSystemHost - ok
18:09:38.0301 3048 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
18:09:38.0332 3048 WebClient - ok
18:09:38.0348 3048 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:09:38.0379 3048 Wecsvc - ok
18:09:38.0379 3048 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:09:38.0410 3048 wercplsupport - ok
18:09:38.0426 3048 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
18:09:38.0457 3048 WerSvc - ok
18:09:38.0488 3048 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:09:38.0504 3048 WfpLwf - ok
18:09:38.0520 3048 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:09:38.0535 3048 WIMMount - ok
18:09:38.0582 3048 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:09:38.0598 3048 WinDefend - ok
18:09:38.0629 3048 WinHttpAutoProxySvc - ok
18:09:38.0676 3048 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:09:38.0691 3048 Winmgmt - ok
18:09:38.0738 3048 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
18:09:38.0769 3048 WinRM - ok
18:09:38.0816 3048 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:09:38.0832 3048 WinUsb - ok
18:09:38.0878 3048 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:09:38.0894 3048 Wlansvc - ok
18:09:38.0925 3048 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:09:38.0941 3048 WmiAcpi - ok
18:09:38.0956 3048 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:09:38.0972 3048 wmiApSrv - ok
18:09:39.0066 3048 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:09:39.0112 3048 WMPNetworkSvc - ok
18:09:39.0128 3048 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:09:39.0128 3048 WPCSvc - ok
18:09:39.0144 3048 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:09:39.0159 3048 WPDBusEnum - ok
18:09:39.0190 3048 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:09:39.0206 3048 ws2ifsl - ok
18:09:39.0206 3048 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
18:09:39.0237 3048 wscsvc - ok
18:09:39.0300 3048 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
18:09:39.0315 3048 WSDPrintDevice - ok
18:09:39.0331 3048 WSearch - ok
18:09:39.0393 3048 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:09:39.0440 3048 wuauserv - ok
18:09:39.0456 3048 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:09:39.0471 3048 WudfPf - ok
18:09:39.0487 3048 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:09:39.0502 3048 WUDFRd - ok
18:09:39.0565 3048 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:09:39.0596 3048 wudfsvc - ok
18:09:39.0612 3048 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:09:39.0627 3048 WwanSvc - ok
18:09:39.0690 3048 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe
18:09:39.0705 3048 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
18:09:39.0705 3048 Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1)
18:09:39.0721 3048 ================ Scan global ===============================
18:09:39.0752 3048 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:09:39.0768 3048 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
18:09:39.0768 3048 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
18:09:39.0783 3048 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:09:39.0814 3048 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:09:39.0814 3048 [Global] - ok
18:09:39.0814 3048 ================ Scan MBR ==================================
18:09:39.0830 3048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:09:40.0220 3048 \Device\Harddisk0\DR0 - ok
18:09:40.0220 3048 ================ Scan VBR ==================================
18:09:40.0220 3048 [ DBE1D34A04B0547E447788D034931307 ] \Device\Harddisk0\DR0\Partition1
18:09:40.0220 3048 \Device\Harddisk0\DR0\Partition1 - ok
18:09:40.0251 3048 [ 836B7BFA006C0AE638807258854B83A4 ] \Device\Harddisk0\DR0\Partition2
18:09:40.0267 3048 \Device\Harddisk0\DR0\Partition2 - ok
18:09:40.0267 3048 ============================================================
18:09:40.0267 3048 Scan finished
18:09:40.0267 3048 ============================================================
18:09:40.0282 3656 Detected object count: 7
18:09:40.0282 3656 Actual detected object count: 7
18:09:49.0346 3656 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:49.0346 3656 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:49.0346 3656 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:49.0346 3656 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:49.0346 3656 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:49.0346 3656 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:49.0346 3656 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:49.0346 3656 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:49.0346 3656 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:49.0346 3656 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:49.0346 3656 WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:49.0346 3656 WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:49.0362 3656 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:49.0362 3656 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
Nun zum DDS  attach)Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT .DDS Logfile: --- --- --- So das sind dann mal die Ergebnisse. LG |
|
20.04.2013, 21:10
| #4 |
| /// TB-Ausbilder | Problem mit der Windows 7 Firewall Prima. Da ist nur ein wenig Werbung. Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Deinstallation von Programmen
Schritt 2: AdwCleaner: Werbeprogramme suchen und löschen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3: AdwCleaner wiederholen Die vorliegende Version der Werbeprogramme ist ziemlich hartnäckig und kann von AdwCleaner erfahrungsgemäss nur bei zweimaliger Anwendung entfernt werden. Also wiederhole diesen Schritt bitte und poste auch das Logfile. Schritt 4: Scan mit Combofix
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
21.04.2013, 00:48
| #5 |
| | Problem mit der Windows 7 Firewall So die Logfiles dann ADWCleaner die erste Code:
ATTFilter # AdwCleaner v2.200 - Datei am 21/04/2013 um 01:06:24 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : admin - ADMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\admin\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : PC Performer Manager
Gestoppt & Gelöscht : SProtection
Gestoppt & Gelöscht : WajamUpdater
Gestoppt & Gelöscht : Yontoo Desktop Updater
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Gelöscht mit Neustart : C:\Program Files\Common Files\Umbrella
Gelöscht mit Neustart : C:\ProgramData\pc performer manager
Ordner Gelöscht : C:\Program Files\BrowseToSave
Ordner Gelöscht : C:\Program Files\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\EasyLife
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\Iminent
Ordner Gelöscht : C:\Program Files\Wajam
Ordner Gelöscht : C:\Program Files\WebSearch
Ordner Gelöscht : C:\Program Files\Yontoo
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Browse2save
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\ProgramData\RightClick
Ordner Gelöscht : C:\ProgramData\SoftSafe
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\admin\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\admin\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Ordner Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\Browse2save
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\21xq5wus.default\extensions\plugin@yontoo.com
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\z24a0rb1.default\extensions\plugin@yontoo.com
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Yontoo
Ordner Gelöscht : C:\Users\Gast\AppData\Local\AskToolbar
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\browse~1\sprote~1.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\easylife\sprote~1.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\websea~1\sprote~1.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\pcperf~1\261123~1.78\{61d8b~1\pcpmngr.dll
Schlüssel Gelöscht : HKCU\Software\5255d8dce76ae514
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\5255d8dce76ae514
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{118D6CE9-5F18-42F9-958A-14676A629FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKLM\Software\Umbrella
Schlüssel Gelöscht : HKLM\Software\Wajam
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/?orig=HP&affid=62&cztbid=1592898438 --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0 (de)
Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\21xq5wus.default\prefs.js
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\21xq5wus.default\user.js ... Gelöscht !
Gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Gelöscht : user_pref("aol_toolbar.default.search.check", false);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Gelöscht : user_pref("extentions.y2layers.installId", "1bbb8843-53f2-4234-b021-9395dc02ed77");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");
Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\z24a0rb1.default\prefs.js
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\z24a0rb1.default\user.js ... Gelöscht !
Gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Gelöscht : user_pref("aol_toolbar.default.search.check", false);
Gelöscht : user_pref("browser.search.defaultenginename", "ChatZumSearch");
Gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=719&r=2013/03/11&hid=1[...]
Gelöscht : user_pref("browser.search.order.1", "ChatZumSearch");
Gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
Gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
Gelöscht : user_pref("extensions.513dc955e6fce.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Gelöscht : user_pref("extensions.513dfbd818466.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "9c65cf9e000000000000001a6bfe2658");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "9c65cf9e000000000000001a6bfe2658");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15787");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:50:09");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.wajam.affiliate_id", "1401");
Gelöscht : user_pref("extensions.wajam.firstrun", "false");
Gelöscht : user_pref("extensions.wajam.log_send_info", "false");
Gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21086\",\"supported_sites\":{\[...]
Gelöscht : user_pref("extensions.wajam.no_trace", "false");
Gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21086");
Gelöscht : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABE[...]
Gelöscht : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...]
Gelöscht : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] =[...]
Gelöscht : user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME[...]
Gelöscht : user_pref("extensions.wajam.trace_log", "1364205966252 - onFlagInfoReceived - Server mapping version[...]
Gelöscht : user_pref("extensions.wajam.unique_id", "0EEBE5EBE514282EA2D234DD94C395C3");
Gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0");
Gelöscht : user_pref("extensions.wajam.version", "1.26");
Gelöscht : user_pref("extensions.wajam.website_version", "1.00265.1503");
Gelöscht : user_pref("id_chatzum_softonic.firstlaunch", "0");
Gelöscht : user_pref("id_chatzum_softonic.guid", "%7B76868EA1-B4F9-4AA2-A0C5-9FA661295B50%7D");
Gelöscht : user_pref("id_chatzum_softonic.hiddenvisual", 0);
Gelöscht : user_pref("id_chatzum_softonic.popupblockedcnt", "6");
Gelöscht : user_pref("id_chatzum_softonic.variables.Var1", "62");
Gelöscht : user_pref("id_chatzum_softonic.variables.Var2", "1592898438");
Gelöscht : user_pref("id_chatzum_softonic_installed_version", "1.0.20");
Gelöscht : user_pref("keyword.URL", "hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=1592898438&q=");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.1] : urls_to_restore_on_startup ={"backup":{"_signature":"BCsGPFryDJ2qCgI1WgZFmq/F8zbZSc7CEuzCXWFQpHA=","extensions":null},"browser":[...]
*************************
AdwCleaner[S1].txt - [49845 octets] - [21/04/2013 01:06:24]
########## EOF - C:\AdwCleaner[S1].txt - [49906 octets] ##########
Code:
ATTFilter # AdwCleaner v2.200 - Datei am 21/04/2013 um 01:14:51 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : admin - ADMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\admin\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files\Common Files\Umbrella
Ordner Gelöscht : C:\ProgramData\pc performer manager
Ordner Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Ordner Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0 (de)
Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\21xq5wus.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\z24a0rb1.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [49976 octets] - [21/04/2013 01:06:24]
AdwCleaner[S2].txt - [1443 octets] - [21/04/2013 01:14:51]
########## EOF - C:\AdwCleaner[S2].txt - [1503 octets] ##########
Code:
ATTFilter ComboFix 13-04-20.02 - admin 21.04.2013 1:25.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2038.1009 [GMT 2:00]
ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BrowisaE2asuaVe
c:\programdata\BrowisaE2asuaVe\513dc955e70b3.tlb
c:\programdata\BrowisaE2asuaVe\settings.ini
c:\programdata\BrowisaE2asuaVe\uninstall.exe
c:\programdata\Browwsea2save
c:\programdata\Browwsea2save\513dfbd818544.tlb
c:\programdata\Browwsea2save\settings.ini
c:\programdata\Browwsea2save\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\BrowisaE2asuaVe
c:\programdata\Microsoft\Windows\Start Menu\Programs\BrowisaE2asuaVe\BrowisaE2asuaVe.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\BrowisaE2asuaVe\Uninstall.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browwsea2save
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browwsea2save\Browwsea2save.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browwsea2save\Uninstall.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Sueearch-NeWTaab
c:\programdata\Microsoft\Windows\Start Menu\Programs\Sueearch-NeWTaab\Sueearch-NeWTaab.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Sueearch-NeWTaab\Uninstall.lnk
c:\programdata\Sueearch-NeWTaab
c:\programdata\Sueearch-NeWTaab\513dfbf6e5f7b.tlb
c:\programdata\Sueearch-NeWTaab\settings.ini
c:\programdata\Sueearch-NeWTaab\uninstall.exe
c:\users\admin\avg_tuh_stf_all_2013_2_24c5.exe
c:\users\admin\Rar
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-20 bis 2013-04-20 ))))))))))))))))))))))))))))))
.
.
2013-04-20 23:34 . 2013-04-20 23:40 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-04-20 23:34 . 2013-04-20 23:34 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-04-20 23:34 . 2013-04-20 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-20 23:33 . 2013-04-20 23:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A27841D-AE84-43BE-A185-DF782472D048}\offreg.dll
2013-04-20 23:06 . 2013-04-20 23:07 157 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-12 11:32 . 2013-04-12 11:32 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2013-04-12 11:32 . 2013-04-12 11:32 -------- d-----w- c:\programdata\Malwarebytes
2013-04-12 11:32 . 2013-04-20 10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-12 11:32 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-12 11:32 . 2013-04-12 11:32 -------- d-----w- c:\users\admin\AppData\Local\Programs
2013-03-29 00:36 . 2013-03-29 00:36 -------- d-----w- c:\program files\Common Files\Skype
2013-03-27 22:05 . 2013-04-20 10:57 -------- d-----w- c:\users\admin\AppData\Local\WBFSManager
2013-03-27 22:03 . 2013-03-27 22:03 -------- d-----w- c:\program files\WBFS
2013-03-27 18:22 . 2013-04-15 18:12 -------- d-----w- c:\users\admin\AppData\Roaming\uTorrent
2013-03-22 19:08 . 2013-03-22 23:23 -------- d--h--w- c:\program files\Temp
2013-03-22 19:08 . 2006-02-07 14:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2013-03-22 19:08 . 2006-02-07 14:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2013-03-22 19:08 . 2006-02-07 14:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2013-03-22 19:08 . 2006-02-07 14:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2013-03-22 19:08 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-03-22 19:08 . 2013-03-22 19:08 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2013-03-22 19:08 . 2013-03-22 19:08 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2013-03-22 17:09 . 2013-03-22 17:09 -------- d-----w- c:\program files\ChadSoft
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 19:19 . 2013-03-18 19:19 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-03-18 19:19 . 2013-03-18 19:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-03-13 18:49 . 2012-04-13 14:05 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 18:49 . 2011-12-06 22:31 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-03 16:44 . 2013-02-03 16:44 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-03 16:43 . 2013-02-03 16:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-03 16:43 . 2013-02-03 16:43 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-03-27 02:17 . 2013-04-03 13:11 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [x]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service
Update-Service REG_MULTI_SZ Update-Service
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 18:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\z24a0rb1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - ExtSQL: 2013-03-11 13:10; aywxv1ggtnp@aixcr-.org; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\z24a0rb1.default\extensions\aywxv1ggtnp@aixcr-.org
FF - ExtSQL: 2013-03-11 16:44; btwuuko_cg@msl-bgbjv.org; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\z24a0rb1.default\extensions\btwuuko_cg@msl-bgbjv.org
FF - ExtSQL: 2013-03-11 16:44; jezr-1rb@lqmyuyi-mxx.co.uk; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\z24a0rb1.default\extensions\jezr-1rb@lqmyuyi-mxx.co.uk
FF - ExtSQL: 2013-03-20 16:26; webbooster@iminent.com; c:\program files\Iminent\webbooster@iminent.com
FF - ExtSQL: 2013-03-20 17:12; {ADFA33FD-16F5-4355-8504-DF4D664CFE83}; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\z24a0rb1.default\extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
FF - ExtSQL: 2013-04-02 22:09; yixo@qldatyiq.org; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\z24a0rb1.default\extensions\yixo@qldatyiq.org
FF - ExtSQL: !HIDDEN! 2011-12-09 17:28; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{4C51ACE2-3EB4-EDF2-73AB-209B5B2C1D9B} - c:\programdata\Sueearch-NeWTaab\513dfbf6e5f7b.dll
BHO-{51DD1044-2B4D-DB1C-3FA3-D061A9D87B42} - c:\programdata\Browwsea2save\513dfbd818544.dll
BHO-{744C7169-AE45-E6D4-FBCE-2D18FF7574A2} - c:\programdata\BrowisaE2asuaVe\513dc955e70b3.dll
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
HKCU-Run-Device Detection - c:\program files\Lidl_Fotos\dd.exe
HKCU-Run-Yontoo Desktop - c:\users\admin\AppData\Roaming\Yontoo\YontooDesktop.exe
HKLM-Run-MFARestart - c:\programdata\MFAData\pack\avgrunasx.exe
AddRemove-SP_0b98f1bc - c:\program files\EasyLife\uninstall.exe
AddRemove-SP_48c708f2 - c:\program files\BrowseToSave\uninstall.exe
AddRemove-SP_b0285714 - c:\program files\WebSearch\uninstall.exe
AddRemove-{1329021C-7F41-54BD-40A4-B064B5B1951E} - c:\progra~2\INSTAL~1\{3AC3B~1\Setup.exe
AddRemove-{135B3309-1D6E-DC72-A008-4D5F92EF54A0} - c:\progra~2\INSTAL~1\{8AF73~1\Setup.exe
AddRemove-{255107F6-0071-3C0D-2EB8-24EA5F801326} - c:\progra~2\INSTAL~1\{7AC21~1\Setup.exe
AddRemove-{49748D4F-882F-AFA4-285C-ED60AABE28D1} - c:\progra~2\INSTAL~1\{40C07~1\Setup.exe
AddRemove-{5A918930-28CD-90A5-4810-D93DE9D8D4CA} - c:\progra~2\INSTAL~1\{35B9A~1\Setup.exe
AddRemove-{89D484A7-CD05-EABB-5F57-9BB1090D2E67} - c:\progra~2\INSTAL~1\{208EB~1\Setup.exe
AddRemove-{ACE9FB2A-31A5-4285-9510-43F1636EAB21} - c:\progra~2\INSTAL~1\{ACE9F~1\Setup.exe
AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\Sueearch-NeWTaab\uninstall.exe
AddRemove-{D55B16EC-714C-DBDB-3D28-116BCB98A025} - c:\progra~2\INSTAL~1\{9FE9F~1\Setup.exe
AddRemove-{F4875647-E728-931D-3124-DBA69B5C910A} - c:\progra~2\INSTAL~1\{DDFD8~1\Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2070048282-3062225414-2777264324-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,06,46,
34,c1,08,0e,03,b6,a0,8f,e9,64,6d,01,8f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2d,97,
6c,f2,63,49,08,a9,fa,4b,fc,1e,7b,e0,60
"{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,06,01,
80,e0,bd,80,0e,ae,16,e0,ed,b0,48,15,58
"{000F18F2-09EB-4A59-82B2-5AE4184C39C3}"=hex:51,66,7a,6c,4c,1d,3b,1b,e2,04,1d,
1e,dc,5a,32,0f,9c,b1,1a,a4,1b,0f,7a,dd
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,27,3f,
53,89,3a,11,02,8e,f6,bd,9b,06,76,3a,6b
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-21 01:44:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-04-20 23:44
.
Vor Suchlauf: 5 Verzeichnis(se), 78.987.300.864 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 78.713.843.712 Bytes frei
.
- - End Of File - - 6F19A96A619A7951DB490AD83AF55C9E
|
|
21.04.2013, 12:51
| #6 |
| /// TB-Ausbilder | Problem mit der Windows 7 Firewall Meine Güte. Ne Menge Holz. Du hast zwei Virenscanner. Bitte deinstalliere einen davon und führe Combofix nochmals aus.
__________________ --> Problem mit der Windows 7 Firewall |
|
21.04.2013, 14:16
| #7 |
| | Problem mit der Windows 7 FirewallCode:
ATTFilter ComboFix 13-04-20.02 - admin 21.04.2013 14:57:17.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2038.1133 [GMT 2:00]
ausgeführt von:: E:\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-21 bis 2013-04-21 ))))))))))))))))))))))))))))))
.
.
2013-04-21 13:04 . 2013-04-21 13:04 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-04-21 13:04 . 2013-04-21 13:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-21 12:54 . 2013-04-21 12:54 -------- d-----w- c:\users\admin\AppData\Local\Avg2013
2013-04-20 23:34 . 2013-04-21 13:10 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-04-20 23:33 . 2013-04-21 13:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A27841D-AE84-43BE-A185-DF782472D048}\offreg.dll
2013-04-20 23:06 . 2013-04-20 23:07 157 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-12 11:32 . 2013-04-12 11:32 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2013-04-12 11:32 . 2013-04-12 11:32 -------- d-----w- c:\programdata\Malwarebytes
2013-04-12 11:32 . 2013-04-12 11:32 -------- d-----w- c:\users\admin\AppData\Local\Programs
2013-03-29 00:36 . 2013-03-29 00:36 -------- d-----w- c:\program files\Common Files\Skype
2013-03-27 22:05 . 2013-04-20 10:57 -------- d-----w- c:\users\admin\AppData\Local\WBFSManager
2013-03-27 22:03 . 2013-03-27 22:03 -------- d-----w- c:\program files\WBFS
2013-03-27 18:22 . 2013-04-15 18:12 -------- d-----w- c:\users\admin\AppData\Roaming\uTorrent
2013-03-22 19:08 . 2013-03-22 23:23 -------- d--h--w- c:\program files\Temp
2013-03-22 19:08 . 2006-02-07 14:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2013-03-22 19:08 . 2006-02-07 14:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2013-03-22 19:08 . 2006-02-07 14:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2013-03-22 19:08 . 2006-02-07 14:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2013-03-22 19:08 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-03-22 19:08 . 2013-03-22 19:08 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2013-03-22 19:08 . 2013-03-22 19:08 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2013-03-22 17:09 . 2013-03-22 17:09 -------- d-----w- c:\program files\ChadSoft
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 19:19 . 2013-03-18 19:19 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-03-18 19:19 . 2013-03-18 19:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-03-13 18:49 . 2012-04-13 14:05 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 18:49 . 2011-12-06 22:31 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-03 16:44 . 2013-02-03 16:44 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-03 16:43 . 2013-02-03 16:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-03 16:43 . 2013-02-03 16:43 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-03-27 02:17 . 2013-04-03 13:11 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [x]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service
Update-Service REG_MULTI_SZ Update-Service
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 18:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\21xq5wus.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2011-12-09 17:28; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2070048282-3062225414-2777264324-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,06,46,
34,c1,08,0e,03,b6,a0,8f,e9,64,6d,01,8f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2d,97,
6c,f2,63,49,08,a9,fa,4b,fc,1e,7b,e0,60
"{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,06,01,
80,e0,bd,80,0e,ae,16,e0,ed,b0,48,15,58
"{000F18F2-09EB-4A59-82B2-5AE4184C39C3}"=hex:51,66,7a,6c,4c,1d,3b,1b,e2,04,1d,
1e,dc,5a,32,0f,9c,b1,1a,a4,1b,0f,7a,dd
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,27,3f,
53,89,3a,11,02,8e,f6,bd,9b,06,76,3a,6b
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-21 15:13:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-04-21 13:13
ComboFix2.txt 2013-04-20 23:44
.
Vor Suchlauf: 11 Verzeichnis(se), 78.967.685.120 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 78.773.133.312 Bytes frei
.
- - End Of File - - 90C80126AFE10494EDE9040DBD6892FC
|
|
21.04.2013, 14:19
| #8 |
| /// TB-Ausbilder | Problem mit der Windows 7 Firewall Prima. So ich sehe da etwas sehr unangenehmes und es könnte sein, dass wir das nicht wegbekommen, daher sicher bitte vor den nächsten Schritten alle wichtigen Systemsdateien. Customscan mit OTL
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
21.04.2013, 15:12
| #9 |
| | Problem mit der Windows 7 Firewall OTL: Code:
ATTFilter OTL logfile created on: 21.04.2013 16:01:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,38% Memory free 3,98 Gb Paging File | 3,25 Gb Available in Paging File | 81,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 73,24 Gb Free Space | 49,17% Space Free | Partition Type: NTFS Drive E: | 980,72 Mb Total Space | 963,09 Mb Free Space | 98,20% Space Free | Partition Type: FAT Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH) SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (mbr) -- C:\Users\admin\AppData\Local\Temp\mbr.sys File not found DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found DRV - (huawei_cdcacm) -- system32\DRIVERS\ew_jucdcacm.sys File not found DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found DRV - (catchme) -- C:\Users\admin\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MonitorFunction) -- C:\Windows\System32\drivers\TVMonitor.sys (TeamViewer GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 21 09 8B 40 B4 CC 01 [binary data] IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\..\SearchScopes\{BDFFE5DB-AD20-49BA-8BA5-E5C262FCD6F8}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114506&babsrc=SP_clro&mntrId=9c65cf9e000000000000001a6bfe2658 IE - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultenginename,S: S", "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.09 18:28:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.15 20:13:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.09 18:28:56 | 000,000,000 | ---D | M] [2012.04.01 20:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions [2012.04.01 20:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.04.21 01:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\21xq5wus.default\extensions [2013.04.21 01:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\z24a0rb1.default\extensions [2013.04.03 15:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013.03.27 04:17:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcapaopeljafjihcnecmoadikpfaehef\1\ CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekofeaecaghdipehglnbbfefcjphhoam\1\ CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jffneeklbegfgjgbjpoefbnhmehkdecc\1\ CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelocaekmibdobambaiolkbnjnekogdb\1\ CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2013.04.21 15:10:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O15 - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\..Trusted Domains: fritz.repeater ([]* in Local intranet) O15 - HKU\S-1-5-21-2070048282-3062225414-2777264324-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab (CanvasX Class) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab (JordanUploader Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC0699E3-C9BB-4FE1-A3F9-9F8FA6A6E0CD}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAD389B4-0EB8-49AC-A3A7-321172EAB820}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: LanmanWorkstation - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.04.21 15:29:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe [2013.04.21 15:10:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.04.21 14:54:37 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Avg2013 [2013.04.21 01:34:23 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp [2013.04.21 01:23:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.21 01:23:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.21 01:23:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.21 01:23:02 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.21 01:22:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.14 16:32:00 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Daten [2013.04.12 13:32:49 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes [2013.04.12 13:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.12 13:32:24 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Programs [2013.04.03 15:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2013.03.29 02:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.03.28 00:05:39 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\WBFSManager [2013.03.28 00:03:33 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager [2013.03.28 00:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS [2013.03.27 20:22:10 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\uTorrent [2013.03.22 21:08:48 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp [2013.03.22 19:09:11 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ChadSoft [2013.03.22 19:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\ChadSoft [2012.06.11 19:14:50 | 016,418,456 | ---- | C] (Mozilla) -- C:\Users\admin\Firefox_Setup_13.0.exe [2012.06.08 17:20:08 | 036,965,680 | ---- | C] (Microsoft Corporation) -- C:\Users\admin\IE9-Windows7-x64-9.0.6-deu.exe [2012.06.08 17:18:34 | 017,010,016 | ---- | C] (Microsoft Corporation) -- C:\Users\admin\IE8-WindowsXP-x86-DEU.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.21 15:29:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe [2013.04.21 15:17:31 | 000,019,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.21 15:17:31 | 000,019,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.21 15:13:13 | 008,560,888 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.21 15:13:13 | 003,037,604 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.21 15:13:13 | 002,668,528 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.21 15:13:13 | 002,392,754 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.21 15:10:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.04.21 15:05:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.21 15:05:31 | 1602,723,840 | -HS- | M] () -- C:\hiberfil.sys [2013.04.21 14:55:58 | 000,000,612 | ---- | M] () -- C:\Users\admin\Desktop\ComboFix - Verknüpfung.lnk [2013.04.21 01:07:15 | 000,000,157 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.04.20 17:42:38 | 000,000,512 | ---- | M] () -- C:\Users\admin\Desktop\MBR.dat [2013.04.20 17:40:02 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable [2013.04.17 16:22:25 | 000,027,789 | ---- | M] () -- C:\Users\admin\AppData\Local\recently-used.xbel [2013.04.17 16:14:13 | 405,012,479 | ---- | M] () -- C:\Users\admin\Desktop\MarioKartWii.iso [2013.04.15 20:22:03 | 000,000,129 | ---- | M] () -- C:\Users\admin\snannow [2013.04.15 19:56:02 | 000,003,336 | ---- | M] () -- C:\bootsqm.dat [2013.04.10 21:52:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.08 14:22:34 | 244,990,919 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.21 14:55:58 | 000,000,612 | ---- | C] () -- C:\Users\admin\Desktop\ComboFix - Verknüpfung.lnk [2013.04.21 01:23:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.21 01:23:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.21 01:23:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.21 01:23:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.21 01:23:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.21 01:06:33 | 000,000,157 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.04.20 17:42:38 | 000,000,512 | ---- | C] () -- C:\Users\admin\Desktop\MBR.dat [2013.04.20 17:40:02 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable [2013.04.17 16:22:25 | 000,027,789 | ---- | C] () -- C:\Users\admin\AppData\Local\recently-used.xbel [2013.04.17 16:02:25 | 405,012,479 | ---- | C] () -- C:\Users\admin\Desktop\MarioKartWii.iso [2013.04.15 20:22:03 | 000,000,129 | ---- | C] () -- C:\Users\admin\snannow [2013.04.15 19:56:02 | 000,003,336 | ---- | C] () -- C:\bootsqm.dat [2013.04.03 15:11:54 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.12 21:19:06 | 001,720,085 | ---- | C] () -- C:\Users\admin\Race.szs [2013.02.12 21:19:06 | 000,429,114 | ---- | C] () -- C:\Users\admin\Race_G.szs [2013.02.11 21:51:45 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp [2012.09.25 20:46:34 | 000,241,438 | ---- | C] () -- C:\Windows\hpwins28.dat [2012.06.08 17:31:17 | 074,761,776 | ---- | C] () -- C:\Users\admin\avast_free1426_antivirus_setup.exe [2011.12.31 11:23:48 | 000,005,632 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.09 18:20:55 | 000,259,558 | ---- | C] () -- C:\Windows\hpwins19.dat [2011.12.07 22:17:07 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.12.07 00:35:46 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2011.11.02 09:57:32 | 008,560,888 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.11.02 09:57:32 | 002,668,528 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.11.02 09:57:32 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.11.02 09:57:32 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.07 22:47:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\AVG [2013.02.07 18:55:32 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\B1Toolbar [2013.01.18 21:41:46 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoft [2011.12.09 19:07:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech [2012.01.18 18:37:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nokia [2012.01.18 18:37:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nokia Suite [2011.12.31 11:03:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PC Suite [2013.01.04 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\phonostar GmbH [2013.01.13 00:39:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ProtectDISC [2013.03.20 17:25:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Stellarium [2012.07.22 14:50:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\T-Mobile [2012.12.13 13:00:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\T-Mobile Internet Manager [2012.04.01 20:22:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TomTom [2012.09.04 22:37:12 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TuneUp Software [2013.04.15 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent [2012.10.14 10:00:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2012.10.14 10:00:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\* > [2013.04.21 01:07:15 | 000,049,976 | ---- | M] () -- C:\AdwCleaner[S1].txt [2013.04.21 01:15:27 | 000,001,572 | ---- | M] () -- C:\AdwCleaner[S2].txt [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2013.04.15 19:56:01 | 000,005,120 | ---- | M] () -- C:\bootex.log [2013.04.15 19:56:02 | 000,003,336 | ---- | M] () -- C:\bootsqm.dat [2013.04.21 15:13:01 | 000,010,770 | ---- | M] () -- C:\ComboFix.txt [2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2013.04.21 15:05:31 | 1602,723,840 | -HS- | M] () -- C:\hiberfil.sys [2013.04.21 15:35:50 | 000,000,693 | ---- | M] () -- C:\Neu Textdokument.txt [2013.04.21 15:05:35 | 2136,969,216 | -HS- | M] () -- C:\pagefile.sys [2013.04.20 18:10:14 | 000,142,438 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_20.04.2013_18.09.08_log.txt < %SYSTEMDRIVE%\*.* > [2013.04.21 01:07:15 | 000,049,976 | ---- | M] () -- C:\AdwCleaner[S1].txt [2013.04.21 01:15:27 | 000,001,572 | ---- | M] () -- C:\AdwCleaner[S2].txt [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2013.04.15 19:56:01 | 000,005,120 | ---- | M] () -- C:\bootex.log [2013.04.15 19:56:02 | 000,003,336 | ---- | M] () -- C:\bootsqm.dat [2013.04.21 15:13:01 | 000,010,770 | ---- | M] () -- C:\ComboFix.txt [2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2013.04.21 15:05:31 | 1602,723,840 | -HS- | M] () -- C:\hiberfil.sys [2013.04.21 15:35:50 | 000,000,693 | ---- | M] () -- C:\Neu Textdokument.txt [2013.04.21 15:05:35 | 2136,969,216 | -HS- | M] () -- C:\pagefile.sys [2013.04.20 18:10:14 | 000,142,438 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_20.04.2013_18.09.08_log.txt < %PROGRAMFILES%\*.* > [2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini Invalid Environment Variable: PROGRAMFILES(X86) < %appdata%\*. > [2011.12.07 00:00:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Adobe [2012.02.06 14:46:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ahead [2013.01.07 22:44:21 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Apple Computer [2012.10.07 22:47:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\AVG [2013.02.07 18:55:32 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\B1Toolbar [2011.12.23 21:13:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CyberLink [2013.01.18 21:41:46 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoft [2011.12.09 18:37:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\HP [2012.01.26 08:36:50 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\HpUpdate [2011.11.02 01:05:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Identities [2011.12.09 19:07:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech [2011.12.09 19:04:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Logishrd [2011.12.09 19:07:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Logitech [2011.12.07 00:31:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Macromedia [2013.04.12 13:32:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Malwarebytes [2009.07.14 09:48:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs [2013.02.23 14:38:57 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft [2012.04.01 20:22:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla [2012.01.18 18:37:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nokia [2012.01.18 18:37:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nokia Suite [2011.12.31 11:03:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PC Suite [2013.01.04 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\phonostar GmbH [2013.01.13 00:39:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ProtectDISC [2013.04.10 19:41:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Skype [2013.03.20 17:25:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Stellarium [2012.07.22 14:50:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\T-Mobile [2012.12.13 13:00:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\T-Mobile Internet Manager [2012.04.01 20:22:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TomTom [2012.09.04 22:37:12 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TuneUp Software [2013.04.15 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent [2012.09.14 20:58:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WinRAR [2011.12.09 18:29:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Yahoo! < %appdata%\*.* > < %localappdata%\*. > [2011.12.07 00:00:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Adobe [2011.12.07 00:01:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Ahead [2011.11.02 01:04:55 | 000,000,000 | -HSD | M] -- C:\Users\admin\AppData\Local\Anwendungsdaten [2013.01.07 21:58:50 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Apple [2013.01.07 22:01:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Apple Computer [2013.04.21 14:54:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Avg2013 [2013.02.07 18:17:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\B1E [2013.03.17 15:18:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Diagnostics [2013.03.02 00:13:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\ElevatedDiagnostics [2013.01.25 23:40:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\fontconfig [2013.01.25 23:40:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\gegl-0.2 [2013.01.18 21:36:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Google [2011.12.09 18:36:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\HP [2012.12.16 11:52:12 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Lidl_Fotos [2012.06.24 20:57:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Macromedia [2012.10.03 20:05:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\MFAData [2013.02.14 14:08:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Microsoft [2013.02.23 14:38:53 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Microsoft Help [2012.06.11 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Mozilla [2011.12.31 10:59:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Nokia [2011.12.31 11:03:24 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\NokiaAccount [2013.04.12 13:32:24 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Programs [2012.12.26 14:38:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Quadriga Games [2013.03.20 17:25:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\stellarium [2013.04.21 15:37:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\temp [2011.11.02 01:04:55 | 000,000,000 | -HSD | M] -- C:\Users\admin\AppData\Local\Temporary Internet Files [2012.04.01 20:22:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\TomTom [2011.11.02 01:04:55 | 000,000,000 | -HSD | M] -- C:\Users\admin\AppData\Local\Verlauf [2012.09.05 22:40:27 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\VirtualStore [2013.04.20 12:57:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\WBFSManager [2013.01.26 00:53:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\webkit [2012.09.14 21:05:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Winterberg-Modifkation_fü < %localappdata%\*.* > [2012.09.19 09:14:32 | 000,005,632 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.04 22:54:00 | 000,109,664 | ---- | M] () -- C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT [2013.04.21 14:45:32 | 002,368,659 | -H-- | M] () -- C:\Users\admin\AppData\Local\IconCache.db [2013.04.17 16:22:25 | 000,027,789 | ---- | M] () -- C:\Users\admin\AppData\Local\recently-used.xbel < %allusersprofile%\*. > [2013.01.13 00:14:37 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.02.07 18:23:59 | 000,000,000 | ---D | M] -- C:\ProgramData\4shared Desktop [2012.12.18 16:37:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe [2011.12.06 17:40:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Ahead [2011.11.02 01:04:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2013.01.13 00:39:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple [2013.01.13 00:14:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012.10.03 19:54:46 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software [2012.10.07 22:48:26 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG [2012.06.08 16:26:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira [2012.09.04 22:36:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files [2011.12.23 21:13:21 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink [2012.12.13 13:02:54 | 000,000,000 | ---D | M] -- C:\ProgramData\DatacardService [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2011.11.02 01:04:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2011.11.02 01:04:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011.12.09 18:33:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard [2011.12.09 18:36:15 | 000,000,000 | ---D | M] -- C:\ProgramData\HP [2011.12.09 18:27:59 | 000,000,000 | ---D | M] -- C:\ProgramData\HP Product Assistant [2011.12.07 21:22:53 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ [2013.01.13 00:40:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Lidl_Fotos [2013.01.13 19:09:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Logishrd [2013.04.12 13:32:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes [2012.12.18 16:22:15 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee [2013.04.21 14:54:46 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData [2012.06.08 16:24:26 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft [2012.12.13 13:09:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help [2012.06.11 19:15:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla [2011.12.06 17:38:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero [2011.12.31 10:58:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia [2011.12.31 10:55:59 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache [2011.12.31 10:59:28 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite [2013.03.29 02:36:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2011.11.02 01:04:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2012.07.03 21:24:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun [2013.04.12 15:25:03 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2012.04.01 20:23:04 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom [2013.02.07 18:35:31 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software [2013.02.11 21:56:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Uniblue [2011.11.02 01:04:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2011.12.09 18:37:03 | 000,000,000 | ---D | M] -- C:\ProgramData\WEBREG [2012.09.04 22:36:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2013.02.07 18:55:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.10.07 22:46:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} < %allusersprofile%\*.* > [2013.02.28 13:29:13 | 000,003,600 | ---- | M] () -- C:\ProgramData\hpzinstall.log < > [2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2012.04.13 16:05:56 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 5 "ProviderFileName0" = unimdm.tsp -- [2010.11.20 05:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 4 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S > "DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101 "Group" = TDI "ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%SystemRoot%\System32\dnsapi.dll,-102 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = Tdxnsi [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters] "ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll -- [2011.03.03 07:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) "ServiceDllUnloadOnStop" = 1 "extension" = %SystemRoot%\System32\dnsext.dll -- [2009.07.14 03:15:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache] "ShutdownOnIdle" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security] "Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0] "Type" = 4 "Action" = 1 "GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09 [binary data] "Data0" = 5355UDP [binary data] "DataType0" = 2 < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost > "RPCSS" = RpcEptMapperRpcSs [binary data] "defragsvc" = defragsvc [binary data] -- [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) "LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes] "LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes] "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "WerSvcGroup" = wersvc [binary data] -- [2009.07.14 03:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation) "LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data] "termsvcs" = TermService [binary data] "swprv" = swprv [binary data] -- [2009.07.14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) "LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes] "LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data] "NetworkServiceAndNoImpersonation" = KtmRm [binary data] "regsvc" = RemoteRegistry [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSFont [Binary data over 200 bytes] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkServiceNetworkRestricted" = PolicyAgent [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "sdrsvc" = sdrsvc [binary data] -- [2010.11.20 05:21:08 | 000,125,952 | ---- | M] (Microsoft Corporation) "WbioSvcGroup" = WbioSrvc [binary data] -- [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) "AxInstSVGroup" = AxInstSV [binary data] -- [2010.11.20 05:18:08 | 000,088,064 | ---- | M] (Microsoft Corporation) "secsvcs" = WinDefend [binary data] "bthsvcs" = bthserv [binary data] -- [2009.07.14 03:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation) "Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data] "Update-Service" = Update-Service [binary data] "HPZ12" = Pml Driver HPZ12Net Driver HPZ12 [binary data] "hpdevmgmt" = hpqcxs08hpqddsvc [binary data] "HPService" = HPSLPSVC [binary data] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport] < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com > [HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\UpdateClient] < %SystemRoot%\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 05:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < C:\Windows\system32\*.dll /510 > [2013.01.20 15:46:51 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\admparse.dll [2012.10.04 18:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll [2012.10.04 18:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll [2012.10.04 18:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll [2012.10.04 18:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll [2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll [2012.10.04 18:40:37 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll [2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll [2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll [2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll [2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.04 18:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll [2012.10.04 18:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll [2012.10.04 18:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll [2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.04 18:40:37 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll [2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll [2012.10.04 18:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll [2012.10.04 18:40:38 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.04 16:41:50 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.04 16:41:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll [2012.10.04 16:41:50 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll [2012.10.04 16:41:50 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll [2012.11.05 22:32:16 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll [2012.11.05 22:32:09 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll [2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll [2012.07.04 23:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browser.dll [2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll [2012.06.02 06:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll [2012.06.02 06:36:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll [2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll [2012.08.02 18:57:20 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll [2012.09.25 00:16:53 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll [2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll [2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll [2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll [2012.03.03 07:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll [2013.01.20 15:46:53 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll [2013.01.20 15:46:53 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll [2013.01.20 15:46:53 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll [2013.01.20 15:46:54 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll [2013.01.20 15:46:54 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakeng.dll [2013.01.20 15:46:51 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieaksie.dll [2013.01.20 15:46:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakui.dll [2013.01.20 15:46:53 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll [2013.01.20 15:46:52 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll [2013.01.20 15:46:54 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2013.01.20 15:46:50 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll [2013.01.20 15:46:53 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll [2013.01.20 15:46:55 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll [2013.01.20 15:46:53 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll [2013.01.20 15:46:54 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll [2013.01.20 15:46:54 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll [2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll [2013.01.20 15:46:50 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll [2013.01.20 15:46:52 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll [2012.10.03 18:40:35 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iphlpsvc.dll [2013.01.20 15:46:51 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll [2013.01.20 15:46:51 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll [2013.01.20 15:46:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll [2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll [2012.10.04 18:43:05 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll [2012.10.04 18:43:05 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll [2013.01.20 15:46:52 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll [2012.05.14 06:33:42 | 000,769,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\localspl.dll [2013.01.20 15:46:51 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll [2013.01.20 15:46:54 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll [2013.01.20 15:46:51 | 012,320,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2013.01.20 15:46:52 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll [2013.01.20 15:46:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll [2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll [2013.01.20 15:46:55 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll [2013.01.20 15:46:54 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll [2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll [2012.06.06 07:05:52 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll [2012.06.06 07:05:52 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll [2012.06.02 06:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll [2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll [2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll [2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll [2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll [2012.10.03 18:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlaapi.dll [2012.10.03 18:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlasvc.dll [2012.09.25 00:16:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll [2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntshrui.dll [2013.01.20 15:46:51 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll [2013.01.20 15:46:51 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll [2012.05.01 06:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\profsvc.dll [2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll [2012.04.26 06:45:54 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcorekmts.dll [2012.04.26 06:45:55 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpwsx.dll [2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll [2012.05.05 09:46:52 | 000,400,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srcore.dll [2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll [2012.11.09 06:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll [2011.12.07 21:20:54 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\system32\UpdSvc.dll [2013.01.20 15:46:52 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll [2013.01.20 15:46:55 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2013.01.20 15:46:51 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll [2012.07.26 04:46:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wdfres.dll [2013.01.20 15:46:52 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll [2012.02.11 07:43:49 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll [2013.01.20 15:46:55 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll [2012.10.04 18:47:18 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll [2012.08.24 18:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll [2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll [2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll [2012.06.03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll [2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll [2012.07.26 05:20:40 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFCoinstaller.dll [2012.07.26 05:20:40 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFPlatform.dll [2012.07.26 05:20:40 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFSvc.dll [2012.07.26 05:20:40 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFx.dll [2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll [2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll [2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll [2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll < > ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720 < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.04.2013 16:01:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,38% Memory free
3,98 Gb Paging File | 3,25 Gb Available in Paging File | 81,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 73,24 Gb Free Space | 49,17% Space Free | Partition Type: NTFS
Drive E: | 980,72 Mb Total Space | 963,09 Mb Free Space | 98,20% Space Free | Partition Type: FAT
Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-2070048282-3062225414-2777264324-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0289E9E9-D67F-44F3-BE71-27C1F1AC56DD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C394E5E-2E0C-4AD5-9C1B-5098278624AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{355A1ACA-3F2B-4202-9A10-6147424261B5}" = lport=139 | protocol=6 | dir=in | app=system |
"{39F2ABB6-1029-46BF-A08F-FCFC41AD9517}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{46D5062C-885A-4538-AB24-3357C7F8568D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{57149B98-5C92-488D-882A-B74BD265F0AA}" = lport=445 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73C6DC07-F045-4C18-86F9-2C6C586DA669}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{774F41E2-5835-4573-AA04-BC7731DDC493}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7823D2DD-4AD8-49EC-B85C-21F8F34C469D}" = rport=139 | protocol=6 | dir=out | app=system |
"{79521F5B-3BB3-4181-851D-75FD5E1912EB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{7D8E1B99-D293-4315-B15F-C8D0CF1FC81B}" = rport=137 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{890E2FA0-A3CF-4C4D-BB1F-6FDAED88378F}" = lport=137 | protocol=17 | dir=in | app=system |
"{89CAA971-B27E-4AC9-9370-93953ED517D1}" = rport=445 | protocol=6 | dir=out | app=system |
"{98695CDB-4EA9-4CB9-B32C-71BCDE137CB9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{99D6CF52-8945-4E15-A0A3-B94739825897}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A2847679-68B1-4355-87C5-0CC6A1040CBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A768A429-5B60-42D5-8EE1-7BC79AA6290C}" = rport=138 | protocol=17 | dir=out | app=system |
"{AA851CA5-89F2-4D1E-A067-619E6754C21F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B576B953-B857-4AB5-A852-E18B0DEFE0F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA2BB780-436E-45C7-AFBD-103B23D281F0}" = lport=138 | protocol=17 | dir=in | app=system |
"{BA76A520-263C-48BC-B9B9-43F3B9205E6E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BAD42DA8-4A18-4FDD-8C1F-57D7A5A8C124}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C390A5C5-F78A-4FAD-B42D-FBC01752BC62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CBD68C1E-4E6B-4AF9-824C-20695B503522}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF39548D-8A5B-4381-8B2B-134C0DA50873}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{08784D4D-4A8C-458F-B75A-F55AE13BDA90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{0A9D4366-EEF8-4347-8F6D-CE5E8D44D889}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{0AE6F878-56CA-4C71-8324-3B3BA7A22E5B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1480D539-CB0D-467C-B9A2-574E013E339C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{15467F33-B300-40DC-8300-B0163A3F1124}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1561E84A-1A89-4E87-B119-312BEB19CD30}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{15713B3A-0202-4C1E-A474-0A033D4C6C61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19B76E88-E8E2-43B1-977C-94DCD0CF13F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1AEAEBD9-4106-4BF0-AC45-A14375CF76DE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{1BD5047D-99E7-4699-9335-5D64F38B12ED}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{1C1A42FB-7147-421B-AC2F-47408E03A838}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{200EDC43-1E0E-4384-A7E8-C870EC3F8F04}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{234940D2-34CF-41B8-A688-6505792B0D49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{26112E74-3C0F-4B58-8D14-DA1AC4645928}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{287EC52A-C4DC-417B-B26F-12D7680C60ED}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe |
"{31A6C8D1-8585-4009-9D04-A586C083E1EE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{39A728D7-0E1E-433D-B37B-5B8739EAF1CB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3D0CBA47-BDA9-4E60-963D-EDACE08EA474}" = protocol=6 | dir=out | app=system |
"{471877E7-283B-493C-AC1D-41A02D9D9324}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{48C53922-A352-44C6-ADA4-F9A5313FFD38}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{4DCCB63F-DE35-4DAB-A6C4-BDBF66F51B22}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{4F606E6C-D5EA-453E-80BC-BCA5D96B4E52}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{50CE4F52-9AA3-414D-9813-F03377AE5740}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5406DA16-0C76-484E-933E-723D202D04FE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{546E396B-04E8-4A0A-A245-6EBFBBA8879A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5D393711-DBDC-4ED6-A5D4-9F09A346FC9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{606ABA54-3E3F-453A-B852-B380B8928AB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63D4DAEA-A79A-4092-A3E8-9D1132F993B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{660D1945-7033-4D99-8DFA-9117A297B03E}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe |
"{687368C9-6511-41BB-8A3C-BCB1F983D05B}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BEA9F89-E530-4AA6-AD54-709BA444C256}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{70402E3D-CACD-4009-974A-CBE5EE3DCA34}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73FE9AA5-A40B-4753-B4BE-DC36B7384B2A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{783461E1-F80F-4872-A302-9D9A725D1BD0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{7A222CF1-BB25-4278-B851-15F3124ACC81}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{7EFA88AF-88E3-419D-8C36-CD158F2A4A05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{830F3040-1134-4873-BD44-83A33D4D9A0E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{868A2495-8EDA-4F85-963E-C10E1F3E53B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{90FFB48E-D85F-409F-A5EA-669E4BCE0F23}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{96B4EB9B-7041-4C9D-BF26-F51FE3F0AE9D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{9EC62232-5A57-4FF3-A3FE-EA2399E5CE5B}" = dir=in | app=c:\program files\iminent\iminent.exe |
"{A04F41B7-65CF-4239-95F1-A7124624E31D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{A092F86B-00F8-4F36-AFE0-98043A938204}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A2C90C10-4D9E-41EB-8084-78285E238F0D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{A465FB40-F1A7-4665-B4EA-A25C8BABE5C9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7833B24-47F2-4ACE-A17E-1CEFE274AFB4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{A9612641-1071-4090-A778-59B3F557D6D4}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC2AF457-5267-4E51-8993-4AA19E15E810}" = dir=in | app=d:\setup\hpznui01.exe |
"{B1A487DF-0EA5-4CBB-9FF2-9152D0671D4E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B9C8E8F5-C6E3-4520-988D-AA50E318D30E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{BC37089C-B844-4C58-9369-75C2C2FF1F0E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{BE2B4925-D9A6-4B0C-B305-0831BBD00CCB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{BF9D6D6E-0828-414E-803F-7E277B6CDA32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C014B92D-D2C5-43C1-A260-862F12F342B2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{C0C410ED-7072-4BC7-8783-4CC47666B314}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C277039F-73E7-4586-B23C-DD42B7D0F8F7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D08BEB11-F339-454C-922E-F47544319100}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{D0F48B35-C3AF-4234-AE37-48B22AC63EC6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6964518-0A82-4623-A2EC-BA0D8E943903}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{E08AD3A1-9E0C-4745-978A-C14ABD58B5A2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{E2DE239C-0F7A-45E2-A325-EA32A31B64D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{E4A49ECF-B99E-45C5-B75F-BCC3C4D7120B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5E513C6-05C3-4D83-81C7-375A85EAC4B7}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E81E0E3A-96DE-48BE-8638-C4F4B630D41D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EDEBA130-3735-485B-B5C7-A9C7C0217C02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF5F63B1-EABE-4E71-8C7A-B9ED5136F9B2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{EF97AA4B-128D-452E-8ED0-F0180134A473}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{80D7F786-A2B3-4529-BA5A-D59B0352BAB8}C:\users\admin\documents\technisches\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\users\admin\documents\technisches\emergency4\em4.exe |
"TCP Query User{A2F8FF65-F4EC-498E-910B-2421A5ECEE45}C:\users\admin\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"TCP Query User{A6767E04-E570-417C-8262-B36DBA18D63D}C:\program files\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"TCP Query User{A893A849-8354-4D89-AD7C-9D3D91DE1984}C:\users\admin\desktop\utorrent-3.3.0.29462.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\utorrent-3.3.0.29462.exe |
"TCP Query User{B6E5B9B5-B072-440A-A0D6-33747DBBC48D}C:\users\admin\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"TCP Query User{E8F63785-51CB-4916-BA80-2FA5D4248D50}C:\program files\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files\sixteen tons entertainment\emergency4\em4.exe |
"UDP Query User{51981182-A0A1-461D-BC92-A82DDB6FBE91}C:\users\admin\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"UDP Query User{94E9C410-298E-481A-8C0C-40994B59A17B}C:\users\admin\desktop\utorrent-3.3.0.29462.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\utorrent-3.3.0.29462.exe |
"UDP Query User{CC661B3B-EBC3-41D3-84EB-1155D7B14F67}C:\users\admin\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"UDP Query User{CC9D2AFA-44DD-4A9F-9927-41AE62A6374C}C:\program files\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files\sixteen tons entertainment\emergency4\em4.exe |
"UDP Query User{E6BC30C9-7554-439F-AB28-75CF185C5BF2}C:\users\admin\documents\technisches\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\users\admin\documents\technisches\emergency4\em4.exe |
"UDP Query User{E9AF8593-1423-44E5-A3E2-3E87136E31B0}C:\program files\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}" = AVG 2013
"{0680FE0B-DEBA-419F-A0AC-8D990F32DE60}" = AVG 2013
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{8E503D23-7969-45EE-B488-F80B8AE28D39}" = AVG 2013
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E11448F2-0B44-4239-B04E-D88FE743E929}" = Officejet J4500 Series
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EF3E420F-2DCF-4C24-8E37-896801901031}" = Nero 7 Essentials
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F6D8F2FE-B9BE-4C7C-98F2-2954B5A26AF2}" = SZS Modifier
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"GIMP-2_is1" = GIMP 2.8.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ST6UNST #1" = FMS32-PRO Version 3.1.5
"ST6UNST #2" = FMS32-PRO Version 3.1.5 (C:\Program Files\Heirue-Soft\FMS32-PRO\)
"TeamViewer 7" = TeamViewer 7
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
========== Last 20 Event Log Errors ==========
Error: Unable to start EventLog service!
< End of report >
|
|
21.04.2013, 15:14
| #10 |
| | Problem mit der Windows 7 Firewall Oh sorry für Doppelpost :S Geändert von Win7xx (21.04.2013 um 15:27 Uhr) |
|
21.04.2013, 15:46
| #11 |
| /// TB-Ausbilder | Problem mit der Windows 7 Firewall Kein Problem. Fix mit OTL
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
21.04.2013, 16:09
| #12 |
| | Problem mit der Windows 7 FirewallCode:
ATTFilter ========== SERVICES/DRIVERS ==========
Error: No service named Update-Service was found to stop!
Service\Driver key Update-Service not found.
Error: No service named Update-Service-Installer-Service was found to stop!
Service\Driver key Update-Service-Installer-Service not found.
========== FILES ==========
File\Folder C:\Windows\system32\UpdSvc.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\ not found.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service-Installer-Service not found.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service not found.
OTL by OldTimer - Version 3.2.69.0 log created on 04212013_170607
|
|
21.04.2013, 19:46
| #13 |
| /// TB-Ausbilder | Problem mit der Windows 7 Firewall Das hat leider nicht geklappt .... wir probieren das nochmals anders: Combofix-Skript
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
21.04.2013, 20:46
| #14 |
| | Problem mit der Windows 7 Firewall Hab' alles so gmacht wie erklärt, und es kam kein Fenster mit Upload! Code:
ATTFilter ComboFix 13-04-21.01 - admin 21.04.2013 21:22:16.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2038.1168 [GMT 2:00]
ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\admin\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\UpdSvc.dll"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\erdnt\cache\userinit.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-21 bis 2013-04-21 ))))))))))))))))))))))))))))))
.
.
2013-04-21 19:28 . 2013-04-21 19:28 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A27841D-AE84-43BE-A185-DF782472D048}\offreg.dll
2013-04-21 19:28 . 2013-04-21 19:28 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-04-21 19:28 . 2013-04-21 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-21 15:04 . 2013-04-21 15:04 -------- d-----w- C:\_OTL
2013-04-21 12:54 . 2013-04-21 12:54 -------- d-----w- c:\users\admin\AppData\Local\Avg2013
2013-04-20 23:34 . 2013-04-21 19:33 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-04-20 23:06 . 2013-04-20 23:07 157 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-12 11:32 . 2013-04-12 11:32 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2013-04-12 11:32 . 2013-04-12 11:32 -------- d-----w- c:\programdata\Malwarebytes
2013-04-12 11:32 . 2013-04-12 11:32 -------- d-----w- c:\users\admin\AppData\Local\Programs
2013-03-29 00:36 . 2013-03-29 00:36 -------- d-----w- c:\program files\Common Files\Skype
2013-03-27 22:05 . 2013-04-20 10:57 -------- d-----w- c:\users\admin\AppData\Local\WBFSManager
2013-03-27 22:03 . 2013-03-27 22:03 -------- d-----w- c:\program files\WBFS
2013-03-27 18:22 . 2013-04-15 18:12 -------- d-----w- c:\users\admin\AppData\Roaming\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 19:19 . 2013-03-18 19:19 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-03-18 19:19 . 2013-03-18 19:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-03-13 18:49 . 2012-04-13 14:05 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 18:49 . 2011-12-06 22:31 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-03 16:44 . 2013-02-03 16:44 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-03 16:43 . 2013-02-03 16:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-03 16:43 . 2013-02-03 16:43 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-03-27 02:17 . 2013-04-03 13:11 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 18:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\21xq5wus.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2011-12-09 17:28; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2070048282-3062225414-2777264324-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,06,46,
34,c1,08,0e,03,b6,a0,8f,e9,64,6d,01,8f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2d,97,
6c,f2,63,49,08,a9,fa,4b,fc,1e,7b,e0,60
"{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,06,01,
80,e0,bd,80,0e,ae,16,e0,ed,b0,48,15,58
"{000F18F2-09EB-4A59-82B2-5AE4184C39C3}"=hex:51,66,7a,6c,4c,1d,3b,1b,e2,04,1d,
1e,dc,5a,32,0f,9c,b1,1a,a4,1b,0f,7a,dd
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,27,3f,
53,89,3a,11,02,8e,f6,bd,9b,06,76,3a,6b
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-21 21:41:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-04-21 19:41
ComboFix2.txt 2013-04-20 23:44
.
Vor Suchlauf: 12 Verzeichnis(se), 78.527.299.584 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 78.202.462.208 Bytes frei
.
- - End Of File - - 7C4C2298ED594106AB09DD83FA028871
|
|
21.04.2013, 21:09
| #15 |
| /// TB-Ausbilder | Problem mit der Windows 7 Firewall Sehr gut, das hat es gekillt. Ich möchte diese Dateien jedoch untersuchen. Upload zur Analyse bei Trojaner-Board Danach: Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Quick-Scan mit Malwarebytes Downloade Dir bitte Schritt 2: Hinweis: Der Scan kann sehr lange (einige Stunden) dauern!  Schritt 3: Scan mit SecurityCheck Downloade Dir bitte  SecurityCheck und:
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu Problem mit der Windows 7 Firewall |
| anderen, anschluss, avg, beste, besten, brauch, deaktiviert, firewall, forum, hochfahren, home, internet, kein internet, klick, länger, meldung, nichts, problem, programm, programme, rechner, thema, verfügbar, windows, windows 7 |
Textbox.
Linear-Darstellung
