Log analysis and evaluation: Collection-agency mail with zip attachment opened, trojan found with Malwarebytes (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.05.2013, 10:47 | #1
Collection-agency mail with zip attachment opened, trojan found with Malwarebytes

Hello,

yesterday I also had a mail with a payment reminder / debt-collection demand in my inbox. Since they had my details correct I was unsure and did unpack/open the supposed invoice file in zip format after all. Then a message came up that it could not be opened. Unfortunately I only googled afterwards... In the evening Mozilla then crashed twice on me, which I otherwise never see. I ran Antivir last night, but the program found nothing. See here:

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 13. Mai 2013 21:17

Es wird nach 4589920 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : HAINSI

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 21:02:24
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 20:19:46
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 20:19:46
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 20:19:47
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 20:19:25
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 19:48:31
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 09:11:35
VBASE002.VDF : 7.11.74.227 2048 Bytes 30.04.2013 09:11:35
VBASE003.VDF : 7.11.74.228 2048 Bytes 30.04.2013 09:11:36
VBASE004.VDF : 7.11.74.229 2048 Bytes 30.04.2013 09:11:36
VBASE005.VDF : 7.11.74.230 2048 Bytes 30.04.2013 09:11:36
VBASE006.VDF : 7.11.74.231 2048 Bytes 30.04.2013 09:11:36
VBASE007.VDF : 7.11.74.232 2048 Bytes 30.04.2013 09:11:36
VBASE008.VDF : 7.11.74.233 2048 Bytes 30.04.2013 09:11:36
VBASE009.VDF : 7.11.74.234 2048 Bytes 30.04.2013 09:11:36
VBASE010.VDF : 7.11.74.235 2048 Bytes 30.04.2013 09:11:36
VBASE011.VDF : 7.11.74.236 2048 Bytes 30.04.2013 09:11:36
VBASE012.VDF : 7.11.74.237 2048 Bytes 30.04.2013 09:11:36
VBASE013.VDF : 7.11.74.238 2048 Bytes 30.04.2013 09:11:36
VBASE014.VDF : 7.11.75.97 181248 Bytes 02.05.2013 18:53:56
VBASE015.VDF : 7.11.75.183 217600 Bytes 03.05.2013 20:39:07
VBASE016.VDF : 7.11.76.27 183808 Bytes 04.05.2013 20:39:06
VBASE017.VDF : 7.11.76.101 194048 Bytes 06.05.2013 20:39:05
VBASE018.VDF : 7.11.76.213 163328 Bytes 07.05.2013 09:45:55
VBASE019.VDF : 7.11.77.41 134656 Bytes 08.05.2013 09:45:57
VBASE020.VDF : 7.11.77.145 141312 Bytes 10.05.2013 14:25:19
VBASE021.VDF : 7.11.77.225 155648 Bytes 12.05.2013 15:36:53
VBASE022.VDF : 7.11.78.21 202752 Bytes 13.05.2013 18:28:58
VBASE023.VDF : 7.11.78.22 2048 Bytes 13.05.2013 18:28:58
VBASE024.VDF : 7.11.78.23 2048 Bytes 13.05.2013 18:28:58
VBASE025.VDF : 7.11.78.24 2048 Bytes 13.05.2013 18:28:58
VBASE026.VDF : 7.11.78.25 2048 Bytes 13.05.2013 18:28:58
VBASE027.VDF : 7.11.78.26 2048 Bytes 13.05.2013 18:28:58
VBASE028.VDF : 7.11.78.27 2048 Bytes 13.05.2013 18:28:58
VBASE029.VDF : 7.11.78.28 2048 Bytes 13.05.2013 18:28:58
VBASE030.VDF : 7.11.78.29 2048 Bytes 13.05.2013 18:28:58
VBASE031.VDF : 7.11.78.62 77824 Bytes 13.05.2013 18:28:59
Engineversion : 8.2.12.42
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 19:30:57
AESCRIPT.DLL : 8.1.4.114 483709 Bytes 10.05.2013 14:25:24
AESCN.DLL : 8.1.10.4 131446 Bytes 30.03.2013 14:14:34
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 19:33:24
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 18:45:28
AEPACK.DLL : 8.3.2.12 754040 Bytes 09.05.2013 09:46:10
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 10.03.2013 13:49:07
AEHEUR.DLL : 8.1.4.358 5898617 Bytes 13.05.2013 18:29:03
AEHELP.DLL : 8.1.25.10 258425 Bytes 09.05.2013 09:46:00
AEGEN.DLL : 8.1.7.4 442741 Bytes 09.05.2013 09:45:59
AEEXP.DLL : 8.4.0.28 201078 Bytes 10.05.2013 14:25:25
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 19:30:56
AECORE.DLL : 8.1.31.2 201080 Bytes 20.02.2013 10:25:33
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:32:45
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 20:19:46
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 21:02:24
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 20:19:47
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 21:02:23
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 20:19:46
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 20:19:47
AVSMTP.DLL : 12.3.0.32 63480 Bytes 08.08.2012 19:05:02
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 20:19:46
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 08.08.2012 19:04:59
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 21:02:23

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,+PFS,+SPR,

Beginn des Suchlaufs: Montag, 13. Mai 2013 21:17

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDUpdate.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_180.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_180.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '137' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDTray.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'PmmUpdate.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'Rainlendar2.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWSCSvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDUpdSvc.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDFSSvc.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMBDeviceInfoProvider.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '11' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '4893' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Acer>

Ende des Suchlaufs: Dienstag, 14. Mai 2013 00:19
Benötigte Zeit: 3:02:06 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

46911 Verzeichnisse wurden überprüft
895894 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
895894 Dateien ohne Befall
6142 Archive wurden durchsucht
0 Warnungen
0 Hinweise
893490 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Today I installed Malwarebytes and ran the quick check, and lo and behold, it found something. Here is the log:

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Sasha :: HAINSI [Administrator]

Schutz: Aktiviert

14.05.2013 08:58:48
mbam-log-2013-05-14 (08-58-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 273401
Laufzeit: 6 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Claudi\AppData\Local\Temp\leugaeaugu.pre (Trojan.Fakenero.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-2127498475-2954064385-2103805440-1003\$R7W3SWE\tjfotxxn.exe (Trojan.Fakenero.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudi\AppData\Local\Temp\Bbcpfwm\oqdfgrsuul.exe (Trojan.Fakenero.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudi\Downloads\SoftonicDownloader_fuer_mp3directcut.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Then I restarted the computer, which went without problems, and started another scan, which finished without any findings. See here:

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Claudi :: HAINSI [limitiert]

Schutz: Aktiviert

14.05.2013 10:53:07
mbam-log-2013-05-14 (10-53-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199382
Laufzeit: 10 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Is it OK to post the logs like this? In other threads they are always shown in a separate scrollable box, but I don't know how else to insert them... Should I take any further measures to be really sure that the computer is clean, and if so, which ones?

Many thanks in advance for any answers.
14.05.2013, 10:51 | #2
/// Malware team / Visitor | Collection-agency mail with zip attachment opened, trojan found with Malwarebytes

Hi Malwarto,

I am Smeenk and I will try to help you.

System scan with ZOEK
Please download zoek.exe from here: http://hijackthis.nl/smeenk/

Download TDSSKiller.exe and save the file to your desktop.

Please post everything in CODE tags where possible: [code] Your log here [/code]
14.05.2013, 11:35 | #3
Collection-agency mail with zip attachment opened, trojan found with Malwarebytes

Hello Smeenk,

thanks for the quick reply. Zoek is done, here is the log. I am now continuing with TDSSKiller.

Code:
Zoek.exe Version 4.0.0.2 Updated 12-May-2013
Tool run by Administrator on 14.05.2013 at 12:03:22,91.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4f12-8568-69135F087DB0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0} deleted successfully

==== Deleting CLSID Registry Values ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zmz3mvt4.default

user.js not found
---- Lines searchnu removed from prefs.js ----
---- Lines searchnu modified from prefs.js ----
---- Lines searchqu removed from prefs.js ----
---- Lines searchqu modified from prefs.js ----
---- Lines ICQ Search removed from prefs.js ----
---- Lines ICQ Search modified from prefs.js ----
---- Lines icq.com removed from prefs.js ----
---- Lines icq.com modified from prefs.js ----
---- Lines Search Results removed from prefs.js ----
---- Lines Search Results modified from prefs.js ----
---- Lines Search-Results removed from prefs.js ----
---- Lines Search-Results modified from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----
---- Lines mybrowserbar removed from prefs.js ----
---- Lines mybrowserbar modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1210_.backup

ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen

user.js not found
---- Lines searchnu removed from prefs.js ----
---- Lines searchnu modified from prefs.js ----
---- Lines searchqu removed from prefs.js ----
---- Lines searchqu modified from prefs.js ----
---- Lines ICQ Search removed from prefs.js ----
user_pref("browser.search.defaultenginename", "ICQ Search");
---- Lines ICQ Search modified from prefs.js ----
---- Lines icq.com removed from prefs.js ----
user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");
---- Lines icq.com modified from prefs.js ----
---- Lines Search Results removed from prefs.js ----
---- Lines Search Results modified from prefs.js ----
---- Lines Search-Results removed from prefs.js ----
---- Lines Search-Results modified from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----
---- Lines mybrowserbar removed from prefs.js ----
---- Lines mybrowserbar modified from prefs.js ----
user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,jqs@sun.com:1.0,pdfforge@mybrowserbar.com:4.1,extension@virtusdesigns.com:3.6.6,wtxpcom@mybrowserbar.com:4.1,{3713a489-0634-4472-8456-dc7abd7eba00}:1.3.1,{5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.6.6,CrystalFox_Qute@BigRedBrent:3.7,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13,{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}:3.13");
---- FireFox user.js and prefs.js backups ----
prefs__1210_.backup

ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\sde4qaok.default

user.js not found
---- Lines searchnu removed from prefs.js ----
---- Lines searchnu modified from prefs.js ----
---- Lines searchqu removed from prefs.js ----
---- Lines searchqu modified from prefs.js ----
---- Lines ICQ Search removed from prefs.js ----
---- Lines ICQ Search modified from prefs.js ----
---- Lines icq.com removed from prefs.js ----
---- Lines icq.com modified from prefs.js ----
---- Lines Search Results removed from prefs.js ----
---- Lines Search Results modified from prefs.js ----
---- Lines Search-Results removed from prefs.js ----
user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");
---- Lines Search-Results modified from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----
---- Lines mybrowserbar removed from prefs.js ----
---- Lines mybrowserbar modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1210_.backup

ProfilePath: C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default

user.js not found
---- Lines searchnu removed from prefs.js ----
user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/410");
---- Lines searchnu modified from prefs.js ----
---- Lines searchqu removed from prefs.js ----
---- Lines searchqu modified from prefs.js ----
---- Lines ICQ Search removed from prefs.js ----
---- Lines ICQ Search modified from prefs.js ----
---- Lines icq.com removed from prefs.js ----
---- Lines icq.com modified from prefs.js ----
---- Lines Search Results removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Search Results");
user_pref("browser.search.order.1", "Search Results");
user_pref("browser.search.selectedEngine", "Search Results");
---- Lines Search Results modified from prefs.js ----
---- Lines Search-Results removed from prefs.js ----
user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");
---- Lines Search-Results modified from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----
---- Lines mybrowserbar removed from prefs.js ----
---- Lines mybrowserbar modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1210_.backup

ProfilePath: C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff

user.js not found
---- Lines searchnu removed from prefs.js ----
---- Lines searchnu modified from prefs.js ----
---- Lines searchqu removed from prefs.js ----
---- Lines searchqu modified from prefs.js ----
---- Lines ICQ Search removed from prefs.js ----
user_pref("browser.search.defaultenginename", "ICQ Search");
---- Lines ICQ Search modified from prefs.js ----
---- Lines icq.com removed from prefs.js ----
user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");
---- Lines icq.com modified from prefs.js ----
---- Lines Search Results removed from prefs.js ----
---- Lines Search Results modified from prefs.js ----
---- Lines Search-Results removed from prefs.js ----
---- Lines Search-Results modified from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----
---- Lines mybrowserbar removed from prefs.js ----
---- Lines mybrowserbar modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1210_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml" deleted
"C:\ProgramData\xml99D2.tmp" deleted
"C:\ProgramData\xmlA798.tmp" deleted
"C:\ProgramData\xmlA7E7.tmp" deleted
"C:\ProgramData\xmlC37E.tmp" deleted
"C:\ProgramData\xmlC459.tmp" deleted
"C:\ProgramData\xmlC4A8.tmp" deleted
"C:\ProgramData\hpothb07.dat" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-1.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-2.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-3.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-4.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-5.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-6.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-7.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-8.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icq-search.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default\searchplugins\Search_Results.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-1.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-2.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-3.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-4.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-5.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-6.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-7.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-8.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icq-search.xml" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted
"C:\Program Files (x86)\Windows Searchqu Toolbar" deleted
"C:\ProgramData\Partner" deleted
"C:\ProgramData\boost_interprocess" deleted
"C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zmz3mvt4.default\searchqutoolbar" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchqutoolbar" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\sde4qaok.default\searchqutoolbar" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default\searchqutoolbar" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchqutoolbar" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-04-26 10:00:18 079AA86246996F5192821A6FFD2ADC61 303171855 ----a-w- C:\Windows\MEMORY.DMP
====== C:\Users\ADMINI~1\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-05-14 06:52:45 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2013-04-24 14:17:26 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-05-01 09:26:00 -------- d-----w- C:\Program Files\iPod
2013-05-01 09:25:59 -------- d-----w- C:\Program Files\iTunes
======= C:\Program Files (x86) =====
2013-05-11 17:53:04 -------- d-----w- C:\Program Files (x86)\Easy Phone Sync
2013-05-09 09:49:37 -------- d-----w- C:\Program Files (x86)\ipswDownloader
2013-05-01 09:25:59 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-01 09:18:30 -------- d-----w- C:\Program Files (x86)\QuickTime
2013-04-17 15:56:40 -------- d-----w- C:\Program Files (x86)\Mozilla Thunderbird
======= =====
====== C:\Users\Administrator\AppData\Roaming ======
2013-05-11 17:51:45 -------- d-----w- C:\users\Sasha\AppData\Roaming\Media Mushroom Limited
2013-05-09 09:49:37 -------- d-----w- C:\users\Sasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ipswDownloader
2013-04-21 11:40:10 F2CA2FDD46962F324402C71D99A0E996 5632 ----a-w- C:\users\Claudi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
====== C:\Users\Administrator ======
2013-05-11 17:57:09 -------- d-----w- C:\Users\Sasha\MSYNC
2013-05-11 17:53:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Phone Sync
2013-05-01 09:26:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2013-05-01 09:25:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-01 09:18:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
====== C: exe-files ==
2013-05-09 09:49:37 BB5064687226107A4F60995FE083B370 53074 ----a-w- C:\Program Files (x86)\ipswDownloader\uninst.exe
=== C: other files ==
2013-05-13 22:00:04 9344D34E2CD574121F8E31C0946ABDAF 6645 ----a-w- C:\Users\Claudi\.rainlendar2\backups\20130514-Rainlendar2Backup.zip
2013-05-12 22:00:00 B43A2DBCBC2D36CC138CDCF656ECFF2D 6645 ----a-w- C:\Users\Claudi\.rainlendar2\backups\20130513-Rainlendar2Backup.zip
2013-05-11 22:00:00 280C1C5F44DC2328252C126B0BF2A891 1825 ----a-w- C:\Users\Sasha\.rainlendar2\backups\20130512-Rainlendar2Backup.zip
2013-05-11 22:00:00 09829C49058FD2DD40B741F2A7725832 6645 ----a-w- C:\Users\Claudi\.rainlendar2\backups\20130512-Rainlendar2Backup.zip
2013-05-11 17:45:42 CB0B99F926B5EFBF08CEEEE672572E2B 1825 ----a-w- C:\Users\Sasha\.rainlendar2\backups\20130511-Rainlendar2Backup.zip
2013-05-11 09:43:52 9EF915D7E1DAA17409E4F2F59AD56423 6645 ----a-w- C:\Users\Claudi\.rainlendar2\backups\20130511-Rainlendar2Backup.zip
2013-05-10 07:26:52 9FEEC725FB04DBB233B32282FBD9039D 6645 ----a-w- C:\Users\Claudi\.rainlendar2\backups\20130510-Rainlendar2Backup.zip
2013-05-09 16:10:51 D1B8B1ED186473754F919BC2C13649AF 6645 ----a-w- C:\Users\Claudi\.rainlendar2\backups\20130509-Rainlendar2Backup.zip
2013-05-09 09:59:16 25323177557A26701152598B21EE7D55 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2127498475-2954064385-2103805440-1001\$I8FPQCB.zip
2013-05-09 09:47:39 037B3525B8C257A80C10FD588C5623B0 487707 ----a-w- C:\$Recycle.Bin\S-1-5-21-2127498475-2954064385-2103805440-1001\$R8FPQCB.zip
2013-05-09 09:41:15 5D41C9C507D9959A28BFF50E708DE4B6 1825 ----a-w- C:\Users\Sasha\.rainlendar2\backups\20130509-Rainlendar2Backup.zip
2013-05-07 22:00:01 8A54EEAA0CCA3DA094967660AC66F5DA 6645 ----a-w- C:\Users\Claudi\.rainlendar2\backups\20130508-Rainlendar2Backup.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe"
"cxrvtxxn"="C:\Users\Claudi\Zzrhrhb\tjfotxxn.exe"
"iuxksuul"="C:\Users\Claudi\AppData\Local\Temp\Bbcpfwm\oqdfgrsuul.exe"
"mixeren"="C:\Users\Claudi\AppData\Roaming\mixeren.exe -autorun"

[HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-500\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d"
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -h -k"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"DATAMNGR"="C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent"
" Malwarebytes Anti-Malware (cleanup)"="rundll32.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll,ProcessCleanupScript"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDFPrint]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDFPrint"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PDF24\\pdf24.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMBVolumeWatcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PMBVolumeWatcher"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Sony\\PMB\\PMBVolumeWatcher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PureSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PureSync"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\PureSync\\PureSyncTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"item"="HP Digital Imaging Monitor"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HEWLET~1\\DIGITA~1\\bin\\hpqtra08.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\hp psc 2000 Series.lnk"
"backup"="C:\\Windows\\pss\\hp psc 2000 Series.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HEWLET~1\\DIGITA~1\\bin\\hpobnz08.exe "
"item"="hp psc 2000 Series"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\hpoddt01.exe.lnk"
"backup"="C:\\Windows\\pss\\hpoddt01.exe.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HEWLET~1\\DIGITA~1\\bin\\hpotdd01.exe "
"item"="hpoddt01.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Sasha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
"item"="OneNote 2010 Bildschirmausschnitt- und Startprogramm"
"path"="C:\\Users\\Sasha\\AppData\\Roaming\\Microsoft\\Windows\\Start
Menu\\Programs\\Startup\\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" "backup"="C:\\Windows\\pss\\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\MICROS~2\\Office14\\ONENOTEM.EXE" ==== Startup Folders ====================== 2013-02-20 09:57:58 1052 ----a-w- C:\users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2011-01-06 22:01:14 1348 ----a-w- C:\users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12.03.2013 21:38] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04.01.2011 19:21] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04.01.2011 19:21] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zmz3mvt4.default - Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - Searchqu Toolbar - %ProfilePath%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen - Undetermined - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - Undetermined - C:\Programme\Java\jre6\lib\deploy\jqs\ff - Undetermined - C:\Programme\pdfforge Toolbar\FF - Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\extension@virtusdesigns.com - Undetermined - C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom - Undetermined - C:\Dokumente und 
Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00} - Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66} - Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\CrystalFox_Qute@BigRedBrent - Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E} - Chromifox Basic - %ProfilePath%\extensions\chromifox@altmusictv.com - CrystalFox Qute - %ProfilePath%\extensions\CrystalFox_Qute@BigRedBrent - Virtus Search Opt-in - %ProfilePath%\extensions\extension@virtusdesigns.com - Utopia FFSE White - %ProfilePath%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E} - Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} - Abaca classic - %ProfilePath%\extensions\{3713a489-0634-4472-8456-dc7abd7eba00} - Aero Fox Silver XL - %ProfilePath%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66} - iFox Graphite - %ProfilePath%\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689} - Vista Nature - %ProfilePath%\extensions\{9864f3b8-68ba-463e-9589-20a4da429bb7} - Searchqu Toolbar - %ProfilePath%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} - Miint - %ProfilePath%\extensions\{d596c130-b00a-11db-abbd-0800200c9a66} ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\sde4qaok.default - Searchqu Toolbar - %ProfilePath%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} - HS-Fulda Theme - %ProfilePath%\extensions\{08198ea0-e430-11df-bccf-0800200c9a66}.xpi - Utopia FFSE White - %ProfilePath%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}.xpi ProfilePath: C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default - Utopia FFSE White - 
%ProfilePath%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E} - Searchqu Toolbar - %ProfilePath%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} - Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} ProfilePath: C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff - Chromifox Basic - %ProfilePath%\extensions\chromifox@altmusictv.com - CrystalFox Qute - %ProfilePath%\extensions\CrystalFox_Qute@BigRedBrent - Virtus Search Opt-in - %ProfilePath%\extensions\extension@virtusdesigns.com - Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} - Abaca classic - %ProfilePath%\extensions\{3713a489-0634-4472-8456-dc7abd7eba00} - Aero Fox Silver XL - %ProfilePath%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66} - iFox Graphite - %ProfilePath%\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689} - Vista Nature - %ProfilePath%\extensions\{9864f3b8-68ba-463e-9589-20a4da429bb7} - Searchqu Toolbar - %ProfilePath%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} - Miint - %ProfilePath%\extensions\{d596c130-b00a-11db-abbd-0800200c9a66} - Stealthy - %ProfilePath%\extensions\stealthyextension@gmail.com.xpi - Utopia FFSE White - %ProfilePath%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}.xpi - DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi - FXChrome - %ProfilePath%\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Deleting Files \ Folders ====================== "C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zmz3mvt4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}" deleted "C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}" 
deleted "C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\sde4qaok.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}" deleted "C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}" deleted "C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}" deleted ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118165l04f4z1m5v47422582" "Default_Page_URL"="hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118165l04f4z1m5v47422582" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118165l04f4z1m5v47422582" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE413DE413" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Claudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Claudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Claudi\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Claudi\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Claudi\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Sasha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zmz3mvt4.default\Cache emptied successfully 
C:\users\Claudi\AppData\Local\Mozilla\Firefox\Profiles\sde4qaok.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully Code:
12:41:20.0195 2676 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:41:20.0476 2676 ============================================================
12:41:20.0476 2676 Current date / time: 2013/05/14 12:41:20.0476
12:41:20.0476 2676 SystemInfo:
12:41:20.0476 2676 
12:41:20.0476 2676 OS Version: 6.1.7601 ServicePack: 1.0
12:41:20.0476 2676 Product type: Workstation
12:41:20.0476 2676 ComputerName: HAINSI
12:41:20.0476 2676 UserName: Administrator
12:41:20.0476 2676 Windows directory: C:\Windows
12:41:20.0476 2676 System windows directory: C:\Windows
12:41:20.0476 2676 Running under WOW64
12:41:20.0476 2676 Processor architecture: Intel x64
12:41:20.0476 2676 Number of processors: 4
12:41:20.0476 2676 Page size: 0x1000
12:41:20.0476 2676 Boot type: Normal boot
12:41:20.0476 2676 ============================================================
12:41:21.0240 2676 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:41:21.0240 2676 ============================================================
12:41:21.0240 2676 \Device\Harddisk0\DR0:
12:41:21.0240 2676 MBR partitions:
12:41:21.0240 2676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
12:41:21.0240 2676 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
12:41:21.0240 2676 ============================================================
12:41:21.0256 2676 C: <-> \Device\Harddisk0\DR0\Partition2
12:41:21.0256 2676 ============================================================
12:41:21.0256 2676 Initialize success
12:41:21.0256 2676 ============================================================
12:42:14.0842 4476 ============================================================
12:42:14.0842 4476 Scan started
12:42:14.0842 4476 Mode: Manual; SigCheck; TDLFS; 
12:42:14.0842 4476 ============================================================
12:42:15.0544 4476 ================ Scan system memory ========================
12:42:15.0544 4476 System memory - ok
12:42:15.0544 4476 ================ Scan services =============================
12:42:15.0762 4476 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:42:15.0918 4476 1394ohci - ok
12:42:15.0981 4476 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:42:16.0012 4476 ACPI - ok
12:42:16.0090 4476 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:42:16.0137 4476 AcpiPmi - ok
12:42:16.0293 4476 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
12:42:16.0355 4476 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
12:42:16.0355 4476 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
12:42:16.0480 4476 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:42:16.0495 4476 AdobeARMservice - ok
12:42:16.0683 4476 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:42:16.0714 4476 AdobeFlashPlayerUpdateSvc - ok
12:42:16.0761 4476 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:42:16.0807 4476 adp94xx - ok
12:42:16.0839 4476 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:42:16.0870 4476 adpahci - ok
12:42:16.0917 4476 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:42:16.0948 4476 adpu320 - ok
12:42:16.0995 4476 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:42:17.0073 4476 AeLookupSvc - ok
12:42:17.0119 4476 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:42:17.0182 4476 AFD - ok
12:42:17.0197 4476 AFS - ok
12:42:17.0244 4476 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:42:17.0275 4476 agp440 - ok
12:42:17.0307 4476 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:42:17.0400 4476 ALG - ok
12:42:17.0463 4476 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:42:17.0494 4476 aliide - ok
12:42:17.0525 4476 [ F687D4976EFF550FB0BE45A5CB19F18F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:42:17.0587 4476 AMD External Events Utility - ok
12:42:17.0603 4476 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:42:17.0619 4476 amdide - ok
12:42:17.0665 4476 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:42:17.0728 4476 AmdK8 - ok
12:42:17.0899 4476 [ 74687C33C4AD25A975BBB1EA1E8B3884 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:42:18.0180 4476 amdkmdag - ok
12:42:18.0243 4476 [ C7F56ED86327A78E7F8A5CC503A98BD6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:42:18.0305 4476 amdkmdap - ok
12:42:18.0336 4476 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:42:18.0383 4476 AmdPPM - ok
12:42:18.0461 4476 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:42:18.0492 4476 amdsata - ok
12:42:18.0555 4476 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:42:18.0586 4476 amdsbs - ok
12:42:18.0601 4476 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:42:18.0633 4476 amdxata - ok
12:42:18.0726 4476 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:42:18.0742 4476 AntiVirSchedulerService - ok
12:42:18.0804 4476 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:42:18.0820 4476 AntiVirService - ok
12:42:18.0882 4476 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:42:18.0976 4476 AppID - ok
12:42:19.0023 4476 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:42:19.0116 4476 AppIDSvc - ok
12:42:19.0194 4476 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:42:19.0288 4476 Appinfo - ok
12:42:19.0444 4476 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:42:19.0459 4476 Apple Mobile Device - ok
12:42:19.0491 4476 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:42:19.0522 4476 arc - ok
12:42:19.0537 4476 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:42:19.0569 4476 arcsas - ok
12:42:19.0693 4476 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:42:19.0740 4476 aspnet_state - ok
12:42:19.0771 4476 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:42:19.0849 4476 AsyncMac - ok
12:42:19.0912 4476 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:42:19.0927 4476 atapi - ok
12:42:20.0021 4476 [ E642491F64E58CD5BC8FB8B347DCF65F ] athr C:\Windows\system32\DRIVERS\athrx.sys
12:42:20.0130 4476 athr - ok
12:42:20.0193 4476 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
12:42:20.0239 4476 atksgt - ok
12:42:20.0333 4476 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:42:20.0427 4476 AudioEndpointBuilder - ok
12:42:20.0458 4476 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:42:20.0505 4476 AudioSrv - ok
12:42:20.0583 4476 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:42:20.0598 4476 avgntflt - ok
12:42:20.0645 4476 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:42:20.0676 4476 avipbb - ok
12:42:20.0692 4476 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:42:20.0707 4476 avkmgr - ok
12:42:20.0801 4476 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:42:20.0926 4476 AxInstSV - ok
12:42:20.0988 4476 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:42:21.0097 4476 b06bdrv - ok
12:42:21.0113 4476 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:42:21.0175 4476 b57nd60a - ok
12:42:21.0222 4476 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:42:21.0300 4476 BDESVC - ok
12:42:21.0331 4476 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:42:21.0425 4476 Beep - ok
12:42:21.0519 4476 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:42:21.0612 4476 BFE - ok
12:42:21.0675 4476 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
12:42:21.0784 4476 BITS - ok
12:42:21.0831 4476 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:42:21.0877 4476 blbdrive - ok
12:42:22.0002 4476 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:42:22.0033 4476 Bonjour Service - ok
12:42:22.0096 4476 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:42:22.0158 4476 bowser - ok
12:42:22.0205 4476 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:42:22.0267 4476 BrFiltLo - ok
12:42:22.0283 4476 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:42:22.0345 4476 BrFiltUp - ok
12:42:22.0408 4476 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:42:22.0486 4476 Browser - ok
12:42:22.0501 4476 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:42:22.0579 4476 Brserid - ok
12:42:22.0595 4476 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:42:22.0642 4476 BrSerWdm - ok
12:42:22.0689 4476 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:42:22.0735 4476 BrUsbMdm - ok
12:42:22.0767 4476 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:42:22.0813 4476 BrUsbSer - ok
12:42:22.0845 4476 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:42:22.0891 4476 BTHMODEM - ok
12:42:22.0923 4476 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:42:23.0001 4476 bthserv - ok
12:42:23.0032 4476 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:42:23.0110 4476 cdfs - ok
12:42:23.0188 4476 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:42:23.0250 4476 cdrom - ok
12:42:23.0328 4476 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:42:23.0422 4476 CertPropSvc - ok
12:42:23.0469 4476 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:42:23.0500 4476 circlass - ok
12:42:23.0593 4476 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:42:23.0640 4476 CLFS - ok
12:42:23.0718 4476 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:42:23.0749 4476 clr_optimization_v2.0.50727_32 - ok
12:42:23.0859 4476 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:42:23.0890 4476 clr_optimization_v2.0.50727_64 - ok
12:42:23.0983 4476 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:42:24.0046 4476 clr_optimization_v4.0.30319_32 - ok
12:42:24.0077 4476 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:42:24.0093 4476 clr_optimization_v4.0.30319_64 - ok
12:42:24.0124 4476 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:42:24.0186 4476 CmBatt - ok
12:42:24.0233 4476 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:42:24.0264 4476 cmdide - ok
12:42:24.0327 4476 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:42:24.0389 4476 CNG - ok
12:42:24.0436 4476 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:42:24.0467 4476 Compbatt - ok
12:42:24.0498 4476 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:42:24.0576 4476 CompositeBus - ok
12:42:24.0592 4476 COMSysApp - ok
12:42:24.0607 4476 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:42:24.0639 4476 crcdisk - ok
12:42:24.0701 4476 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:42:24.0763 4476 CryptSvc - ok
12:42:24.0841 4476 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:42:24.0919 4476 DcomLaunch - ok
12:42:24.0966 4476 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:42:25.0013 4476 defragsvc - ok
12:42:25.0060 4476 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:42:25.0153 4476 DfsC - ok
12:42:25.0247 4476 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:42:25.0325 4476 Dhcp - ok
12:42:25.0356 4476 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:42:25.0403 4476 discache - ok
12:42:25.0434 4476 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:42:25.0465 4476 Disk - ok
12:42:25.0512 4476 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:42:25.0606 4476 Dnscache - ok
12:42:25.0653 4476 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:42:25.0746 4476 dot3svc - ok
12:42:25.0793 4476 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:42:25.0887 4476 DPS - ok
12:42:25.0933 4476 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:42:25.0996 4476 drmkaud - ok
12:42:26.0089 4476 [ 1FCA854CEDFC2CCD0C22E46EA4EA18F1 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
12:42:26.0121 4476 DsiWMIService - ok
12:42:26.0214 4476 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:42:26.0245 4476 dtsoftbus01 - ok
12:42:26.0323 4476 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:42:26.0417 4476 DXGKrnl - ok
12:42:26.0448 4476 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:42:26.0511 4476 EapHost - ok
12:42:26.0620 4476 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:42:26.0823 4476 ebdrv - ok
12:42:26.0854 4476 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:42:26.0932 4476 EFS - ok
12:42:27.0010 4476 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:42:27.0119 4476 ehRecvr - ok
12:42:27.0150 4476 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:42:27.0228 4476 ehSched - ok
12:42:27.0291 4476 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:42:27.0337 4476 elxstor - ok
12:42:27.0447 4476 [ 3EA2C4F68A782839D97B3C83595575B6 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
12:42:27.0493 4476 ePowerSvc - ok
12:42:27.0556 4476 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:42:27.0587 4476 ErrDev - ok
12:42:27.0665 4476 [ 0975BF32399A24117E317B5BF1D5D0AA ] ETD C:\Windows\system32\DRIVERS\ETD.sys
12:42:27.0696 4476 ETD - ok
12:42:27.0727 4476 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:42:27.0774 4476 EventSystem - ok
12:42:27.0790 4476 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:42:27.0868 4476 exfat - ok
12:42:27.0899 4476 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:42:27.0977 4476 fastfat - ok
12:42:28.0055 4476 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:42:28.0149 4476 Fax - ok
12:42:28.0180 4476 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:42:28.0242 4476 fdc - ok
12:42:28.0289 4476 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:42:28.0367 4476 fdPHost - ok
12:42:28.0398 4476 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:42:28.0476 4476 FDResPub - ok
12:42:28.0507 4476 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:42:28.0523 4476 FileInfo - ok
12:42:28.0554 4476 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:42:28.0648 4476 Filetrace - ok
12:42:28.0741 4476 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:42:28.0804 4476 FLEXnet Licensing Service - ok
12:42:28.0835 4476 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:42:28.0882 4476 flpydisk - ok
12:42:28.0975 4476 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:42:29.0007 4476 FltMgr - ok
12:42:29.0085 4476 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
12:42:29.0209 4476 FontCache - ok
12:42:29.0272 4476 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:42:29.0303 4476 FontCache3.0.0.0 - ok
12:42:29.0334 4476 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:42:29.0350 4476 FsDepends - ok
12:42:29.0397 4476 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:42:29.0428 4476 Fs_Rec - ok
12:42:29.0506 4476 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:42:29.0568 4476 fvevol - ok
12:42:29.0584 4476 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:42:29.0599 4476 gagp30kx - ok
12:42:29.0646 4476 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:42:29.0677 4476 GEARAspiWDM - ok
12:42:29.0740 4476 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:42:29.0833 4476 gpsvc - ok
12:42:29.0927 4476 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
12:42:29.0943 4476 GREGService - ok
12:42:30.0067 4476 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:42:30.0083 4476 gupdate - ok
12:42:30.0114 4476 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:42:30.0130 4476 gupdatem - ok
12:42:30.0177 4476 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:42:30.0223 4476 gusvc - ok
12:42:30.0255 4476 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:42:30.0348 4476 hcw85cir - ok
12:42:30.0426 4476 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:42:30.0504 4476 HdAudAddService - ok
12:42:30.0535 4476 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:42:30.0582 4476 HDAudBus - ok
12:42:30.0629 4476 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
12:42:30.0660 4476 HECIx64 - ok
12:42:30.0691 4476 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:42:30.0723 4476 HidBatt - ok
12:42:30.0754 4476 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:42:30.0816 4476 HidBth - ok
12:42:30.0847 4476 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:42:30.0894 4476 HidIr - ok
12:42:30.0925 4476 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:42:31.0003 4476 hidserv - ok
12:42:31.0097 4476 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:42:31.0128 4476 HidUsb - ok
12:42:31.0191 4476 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:42:31.0284 4476 hkmsvc - ok
12:42:31.0331 4476 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:42:31.0378 4476 HomeGroupListener - ok
12:42:31.0440 4476 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:42:31.0471 4476 HomeGroupProvider - ok
12:42:31.0581 4476 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
12:42:37.0415 4476 hpqcxs08 - ok
12:42:37.0493 4476 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll
12:42:37.0524 4476 hpqddsvc - ok
12:42:37.0571 4476 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:42:37.0602 4476 HpSAMD - ok
12:42:37.0696 4476 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC64.DLL
12:42:37.0789 4476 HPSLPSVC - ok
12:42:37.0867 4476 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 12:42:37.0992 4476 HTTP - ok 12:42:38.0039 4476 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 12:42:38.0070 4476 hwpolicy - ok 12:42:38.0117 4476 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 12:42:38.0164 4476 i8042prt - ok 12:42:38.0195 4476 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 12:42:38.0226 4476 iaStor - ok 12:42:38.0304 4476 [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 12:42:38.0320 4476 IAStorDataMgrSvc - ok 12:42:38.0398 4476 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 12:42:38.0445 4476 iaStorV - ok 12:42:38.0585 4476 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 12:42:38.0601 4476 IDriverT ( UnsignedFile.Multi.Generic ) - warning 12:42:38.0601 4476 IDriverT - detected UnsignedFile.Multi.Generic (1) 12:42:38.0741 4476 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 12:42:38.0819 4476 idsvc - ok 12:42:38.0881 4476 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 12:42:38.0928 4476 iirsp - ok 12:42:38.0975 4476 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 12:42:39.0115 4476 IKEEXT - ok 12:42:39.0193 4476 [ 235362D403D9D677514649D88DB31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 12:42:39.0334 4476 IntcAzAudAddService - ok 12:42:39.0365 4476 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 12:42:39.0381 4476 intelide - ok 12:42:39.0412 4476 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 
12:42:39.0459 4476 intelppm - ok 12:42:39.0505 4476 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 12:42:39.0583 4476 IPBusEnum - ok 12:42:39.0646 4476 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:42:39.0724 4476 IpFilterDriver - ok 12:42:39.0771 4476 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 12:42:39.0817 4476 iphlpsvc - ok 12:42:39.0880 4476 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 12:42:39.0942 4476 IPMIDRV - ok 12:42:39.0973 4476 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 12:42:40.0067 4476 IPNAT - ok 12:42:40.0176 4476 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 12:42:40.0223 4476 iPod Service - ok 12:42:40.0239 4476 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 12:42:40.0285 4476 IRENUM - ok 12:42:40.0332 4476 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 12:42:40.0348 4476 isapnp - ok 12:42:40.0395 4476 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 12:42:40.0441 4476 iScsiPrt - ok 12:42:40.0488 4476 [ 37E053A2CF8F0082B689ED74106E0CEC ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 12:42:40.0551 4476 k57nd60a - ok 12:42:40.0613 4476 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 12:42:40.0644 4476 kbdclass - ok 12:42:40.0707 4476 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 12:42:40.0753 4476 kbdhid - ok 12:42:40.0785 4476 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 12:42:40.0800 4476 KeyIso - ok 12:42:40.0863 4476 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 12:42:40.0894 4476 KSecDD - ok 12:42:40.0909 4476 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg 
C:\Windows\system32\Drivers\ksecpkg.sys 12:42:40.0925 4476 KSecPkg - ok 12:42:40.0972 4476 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 12:42:41.0065 4476 ksthunk - ok 12:42:41.0112 4476 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 12:42:41.0159 4476 KtmRm - ok 12:42:41.0253 4476 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 12:42:41.0331 4476 LanmanServer - ok 12:42:41.0409 4476 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 12:42:41.0471 4476 LanmanWorkstation - ok 12:42:41.0518 4476 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 12:42:41.0549 4476 lirsgt - ok 12:42:41.0580 4476 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:42:41.0643 4476 lltdio - ok 12:42:41.0689 4476 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:42:41.0799 4476 lltdsvc - ok 12:42:41.0814 4476 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 12:42:41.0908 4476 lmhosts - ok 12:42:41.0986 4476 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 12:42:42.0017 4476 LMS - ok 12:42:42.0064 4476 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 12:42:42.0079 4476 LSI_FC - ok 12:42:42.0095 4476 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 12:42:42.0111 4476 LSI_SAS - ok 12:42:42.0142 4476 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:42:42.0157 4476 LSI_SAS2 - ok 12:42:42.0189 4476 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:42:42.0204 4476 LSI_SCSI - ok 12:42:42.0235 4476 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 12:42:42.0313 4476 luafv - ok 12:42:42.0376 
4476 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 12:42:42.0407 4476 MBAMProtector - ok 12:42:42.0516 4476 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 12:42:42.0547 4476 MBAMScheduler - ok 12:42:42.0610 4476 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 12:42:42.0657 4476 MBAMService - ok 12:42:42.0719 4476 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 12:42:42.0766 4476 Mcx2Svc - ok 12:42:42.0797 4476 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 12:42:42.0813 4476 megasas - ok 12:42:42.0828 4476 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 12:42:42.0859 4476 MegaSR - ok 12:42:42.0906 4476 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 12:42:42.0984 4476 MMCSS - ok 12:42:43.0015 4476 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 12:42:43.0093 4476 Modem - ok 12:42:43.0125 4476 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:42:43.0156 4476 monitor - ok 12:42:43.0203 4476 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 12:42:43.0218 4476 mouclass - ok 12:42:43.0249 4476 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:42:43.0296 4476 mouhid - ok 12:42:43.0343 4476 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 12:42:43.0390 4476 mountmgr - ok 12:42:43.0483 4476 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 12:42:43.0515 4476 MozillaMaintenance - ok 12:42:43.0530 4476 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 12:42:43.0561 4476 mpio - ok 
12:42:43.0577 4476 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:42:43.0639 4476 mpsdrv - ok 12:42:43.0686 4476 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 12:42:43.0827 4476 MpsSvc - ok 12:42:43.0905 4476 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:42:43.0998 4476 MRxDAV - ok 12:42:44.0029 4476 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:42:44.0076 4476 mrxsmb - ok 12:42:44.0123 4476 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:42:44.0185 4476 mrxsmb10 - ok 12:42:44.0217 4476 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:42:44.0263 4476 mrxsmb20 - ok 12:42:44.0295 4476 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 12:42:44.0310 4476 msahci - ok 12:42:44.0373 4476 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 12:42:44.0404 4476 msdsm - ok 12:42:44.0435 4476 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 12:42:44.0466 4476 MSDTC - ok 12:42:44.0529 4476 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:42:44.0575 4476 Msfs - ok 12:42:44.0591 4476 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:42:44.0638 4476 mshidkmdf - ok 12:42:44.0700 4476 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:42:44.0731 4476 msisadrv - ok 12:42:44.0763 4476 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:42:44.0856 4476 MSiSCSI - ok 12:42:44.0872 4476 msiserver - ok 12:42:44.0903 4476 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:42:44.0997 4476 MSKSSRV - ok 12:42:45.0028 4476 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 
12:42:45.0090 4476 MSPCLOCK - ok 12:42:45.0090 4476 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:42:45.0153 4476 MSPQM - ok 12:42:45.0199 4476 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:42:45.0215 4476 MsRPC - ok 12:42:45.0277 4476 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 12:42:45.0293 4476 mssmbios - ok 12:42:45.0309 4476 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:42:45.0371 4476 MSTEE - ok 12:42:45.0402 4476 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 12:42:45.0449 4476 MTConfig - ok 12:42:45.0480 4476 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 12:42:45.0511 4476 Mup - ok 12:42:45.0543 4476 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 12:42:45.0558 4476 mwlPSDFilter - ok 12:42:45.0574 4476 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 12:42:45.0589 4476 mwlPSDNServ - ok 12:42:45.0605 4476 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 12:42:45.0621 4476 mwlPSDVDisk - ok 12:42:45.0683 4476 [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe 12:42:45.0714 4476 MWLService - ok 12:42:45.0777 4476 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 12:42:45.0886 4476 napagent - ok 12:42:45.0933 4476 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:42:45.0995 4476 NativeWifiP - ok 12:42:46.0104 4476 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 12:42:46.0167 4476 NDIS - ok 12:42:46.0198 4476 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 12:42:46.0260 4476 NdisCap - ok 12:42:46.0291 4476 [ 
30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:42:46.0385 4476 NdisTapi - ok 12:42:46.0463 4476 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:42:46.0541 4476 Ndisuio - ok 12:42:46.0619 4476 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:42:46.0744 4476 NdisWan - ok 12:42:46.0837 4476 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:42:46.0931 4476 NDProxy - ok 12:42:47.0040 4476 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 12:42:47.0071 4476 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 12:42:47.0071 4476 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 12:42:47.0118 4476 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:42:47.0212 4476 NetBIOS - ok 12:42:47.0259 4476 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 12:42:47.0368 4476 NetBT - ok 12:42:47.0399 4476 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 12:42:47.0399 4476 Netlogon - ok 12:42:47.0446 4476 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 12:42:47.0539 4476 Netman - ok 12:42:47.0571 4476 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:42:47.0602 4476 NetMsmqActivator - ok 12:42:47.0602 4476 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:42:47.0617 4476 NetPipeActivator - ok 12:42:47.0649 4476 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 12:42:47.0711 4476 netprofm - ok 12:42:47.0727 4476 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:42:47.0727 4476 NetTcpActivator - ok 12:42:47.0727 4476 [ 
D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:42:47.0742 4476 NetTcpPortSharing - ok 12:42:47.0789 4476 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 12:42:47.0805 4476 nfrd960 - ok 12:42:47.0867 4476 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 12:42:47.0929 4476 NlaSvc - ok 12:42:48.0007 4476 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 12:42:48.0085 4476 Npfs - ok 12:42:48.0132 4476 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 12:42:48.0226 4476 nsi - ok 12:42:48.0257 4476 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 12:42:48.0319 4476 nsiproxy - ok 12:42:48.0413 4476 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 12:42:48.0522 4476 Ntfs - ok 12:42:48.0616 4476 [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 12:42:48.0631 4476 NTI IScheduleSvc - ok 12:42:48.0678 4476 [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 12:42:48.0694 4476 NTIDrvr - ok 12:42:48.0772 4476 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 12:42:48.0850 4476 Null - ok 12:42:48.0897 4476 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 12:42:48.0928 4476 nvraid - ok 12:42:49.0006 4476 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 12:42:49.0037 4476 nvstor - ok 12:42:49.0131 4476 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 12:42:49.0162 4476 nv_agp - ok 12:42:49.0224 4476 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 12:42:49.0271 4476 ohci1394 - ok 12:42:49.0333 4476 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program 
Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:42:49.0365 4476 ose - ok 12:42:49.0552 4476 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:42:49.0645 4476 osppsvc - ok 12:42:49.0692 4476 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 12:42:49.0755 4476 p2pimsvc - ok 12:42:49.0801 4476 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 12:42:49.0848 4476 p2psvc - ok 12:42:49.0879 4476 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 12:42:49.0926 4476 Parport - ok 12:42:49.0989 4476 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 12:42:50.0004 4476 partmgr - ok 12:42:50.0051 4476 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 12:42:50.0082 4476 PcaSvc - ok 12:42:50.0113 4476 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 12:42:50.0129 4476 pci - ok 12:42:50.0191 4476 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 12:42:50.0223 4476 pciide - ok 12:42:50.0254 4476 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 12:42:50.0301 4476 pcmcia - ok 12:42:50.0316 4476 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 12:42:50.0332 4476 pcw - ok 12:42:50.0363 4476 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 12:42:50.0472 4476 PEAUTH - ok 12:42:50.0581 4476 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 12:42:50.0644 4476 PerfHost - ok 12:42:50.0722 4476 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 12:42:50.0862 4476 pla - ok 12:42:50.0940 4476 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 12:42:51.0018 4476 PlugPlay - ok 12:42:51.0159 4476 [ 
63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe 12:42:51.0190 4476 PMBDeviceInfoProvider - ok 12:42:51.0268 4476 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 12:42:51.0283 4476 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 12:42:51.0283 4476 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 12:42:51.0315 4476 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 12:42:51.0330 4476 PNRPAutoReg - ok 12:42:51.0346 4476 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 12:42:51.0361 4476 PNRPsvc - ok 12:42:51.0424 4476 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 12:42:51.0486 4476 PolicyAgent - ok 12:42:51.0517 4476 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 12:42:51.0564 4476 Power - ok 12:42:51.0627 4476 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 12:42:51.0736 4476 PptpMiniport - ok 12:42:51.0783 4476 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 12:42:51.0814 4476 Processor - ok 12:42:51.0907 4476 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 12:42:51.0970 4476 ProfSvc - ok 12:42:51.0985 4476 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 12:42:52.0017 4476 ProtectedStorage - ok 12:42:52.0095 4476 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 12:42:52.0173 4476 Psched - ok 12:42:52.0251 4476 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 12:42:52.0282 4476 PxHlpa64 - ok 12:42:52.0329 4476 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 12:42:52.0407 4476 ql2300 - ok 12:42:52.0422 4476 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx 
C:\Windows\system32\DRIVERS\ql40xx.sys 12:42:52.0453 4476 ql40xx - ok 12:42:52.0485 4476 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 12:42:52.0516 4476 QWAVE - ok 12:42:52.0531 4476 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:42:52.0578 4476 QWAVEdrv - ok 12:42:52.0609 4476 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 12:42:52.0641 4476 RasAcd - ok 12:42:52.0687 4476 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 12:42:52.0781 4476 RasAgileVpn - ok 12:42:52.0812 4476 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 12:42:52.0859 4476 RasAuto - ok 12:42:52.0906 4476 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 12:42:52.0984 4476 Rasl2tp - ok 12:42:53.0015 4476 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 12:42:53.0093 4476 RasMan - ok 12:42:53.0124 4476 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 12:42:53.0171 4476 RasPppoe - ok 12:42:53.0187 4476 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 12:42:53.0249 4476 RasSstp - ok 12:42:53.0296 4476 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 12:42:53.0374 4476 rdbss - ok 12:42:53.0389 4476 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 12:42:53.0405 4476 rdpbus - ok 12:42:53.0436 4476 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 12:42:53.0499 4476 RDPCDD - ok 12:42:53.0545 4476 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 12:42:53.0623 4476 RDPENCDD - ok 12:42:53.0655 4476 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 12:42:53.0701 4476 RDPREFMP - ok 12:42:53.0764 4476 [ 
E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 12:42:53.0842 4476 RDPWD - ok 12:42:53.0904 4476 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 12:42:53.0951 4476 rdyboost - ok 12:42:53.0982 4476 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 12:42:54.0060 4476 RemoteAccess - ok 12:42:54.0107 4476 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 12:42:54.0216 4476 RemoteRegistry - ok 12:42:54.0247 4476 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 12:42:54.0310 4476 RpcEptMapper - ok 12:42:54.0357 4476 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 12:42:54.0372 4476 RpcLocator - ok 12:42:54.0435 4476 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 12:42:54.0497 4476 RpcSs - ok 12:42:54.0544 4476 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 12:42:54.0637 4476 rspndr - ok 12:42:54.0700 4476 [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 12:42:54.0731 4476 RSUSBSTOR - ok 12:42:54.0793 4476 [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 12:42:54.0825 4476 RTHDMIAzAudService - ok 12:42:54.0840 4476 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 12:42:54.0856 4476 SamSs - ok 12:42:54.0934 4476 [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011c\WNt500x64\Sandra.sys 12:42:54.0965 4476 SANDRA - ok 12:42:54.0981 4476 [ 0595DD5F0E5453C9258665B9DCB992A3 ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011c\RpcAgentSrv.exe 12:42:55.0043 4476 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning 12:42:55.0043 4476 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1) 12:42:55.0090 4476 [ AC03AF3329579FFFB455AA2DAABBE22B ] 
sbp2port C:\Windows\system32\drivers\sbp2port.sys 12:42:55.0105 4476 sbp2port - ok 12:42:55.0137 4476 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 12:42:55.0183 4476 SCardSvr - ok 12:42:55.0246 4476 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 12:42:55.0324 4476 scfilter - ok 12:42:55.0386 4476 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 12:42:55.0464 4476 Schedule - ok 12:42:55.0511 4476 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 12:42:55.0558 4476 SCPolicySvc - ok 12:42:55.0605 4476 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 12:42:55.0652 4476 SDRSVC - ok 12:42:55.0808 4476 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe 12:42:55.0840 4476 SDScannerService - ok 12:42:55.0933 4476 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe 12:42:55.0964 4476 SDUpdateService - ok 12:42:56.0011 4476 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe 12:42:56.0027 4476 SDWSCService - ok 12:42:56.0058 4476 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 12:42:56.0136 4476 secdrv - ok 12:42:56.0183 4476 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 12:42:56.0276 4476 seclogon - ok 12:42:56.0323 4476 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 12:42:56.0386 4476 SENS - ok 12:42:56.0401 4476 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 12:42:56.0432 4476 SensrSvc - ok 12:42:56.0464 4476 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 12:42:56.0495 4476 Serenum - ok 12:42:56.0526 4476 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial 
C:\Windows\system32\DRIVERS\serial.sys 12:42:56.0557 4476 Serial - ok 12:42:56.0604 4476 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 12:42:56.0651 4476 sermouse - ok 12:42:56.0699 4476 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 12:42:56.0792 4476 SessionEnv - ok 12:42:56.0839 4476 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 12:42:56.0901 4476 sffdisk - ok 12:42:56.0933 4476 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 12:42:56.0964 4476 sffp_mmc - ok 12:42:56.0995 4476 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 12:42:57.0042 4476 sffp_sd - ok 12:42:57.0089 4476 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 12:42:57.0135 4476 sfloppy - ok 12:42:57.0213 4476 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 12:42:57.0323 4476 SharedAccess - ok 12:42:57.0369 4476 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 12:42:57.0432 4476 ShellHWDetection - ok 12:42:57.0479 4476 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:42:57.0494 4476 SiSRaid2 - ok 12:42:57.0525 4476 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 12:42:57.0541 4476 SiSRaid4 - ok 12:42:57.0603 4476 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 12:42:57.0697 4476 SkypeUpdate - ok 12:42:57.0713 4476 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 12:42:57.0791 4476 Smb - ok 12:42:57.0853 4476 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 12:42:57.0900 4476 SNMPTRAP - ok 12:42:57.0947 4476 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 12:42:57.0962 4476 spldr - ok 
12:42:58.0025 4476 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 12:42:58.0103 4476 Spooler - ok 12:42:58.0243 4476 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 12:42:58.0368 4476 sppsvc - ok 12:42:58.0399 4476 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 12:42:58.0477 4476 sppuinotify - ok 12:42:58.0586 4476 [ 9AB59CF736981ED1F83C6AB5FAA8BA5C ] sptd C:\Windows\system32\Drivers\sptd.sys 12:42:58.0633 4476 sptd - ok 12:42:58.0695 4476 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 12:42:58.0773 4476 srv - ok 12:42:58.0820 4476 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 12:42:58.0883 4476 srv2 - ok 12:42:58.0914 4476 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 12:42:58.0945 4476 srvnet - ok 12:42:58.0976 4476 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 12:42:59.0054 4476 SSDPSRV - ok 12:42:59.0085 4476 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 12:42:59.0179 4476 SstpSvc - ok 12:42:59.0241 4476 Steam Client Service - ok 12:42:59.0288 4476 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 12:42:59.0319 4476 stexstor - ok 12:42:59.0382 4476 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 12:42:59.0429 4476 StillCam - ok 12:42:59.0491 4476 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 12:42:59.0538 4476 stisvc - ok 12:42:59.0600 4476 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 12:42:59.0631 4476 swenum - ok 12:42:59.0678 4476 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 12:42:59.0756 4476 swprv - ok 12:42:59.0819 4476 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 12:42:59.0912 4476 SysMain - ok 
12:42:59.0959 4476 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 12:43:00.0006 4476 TabletInputService - ok 12:43:00.0068 4476 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 12:43:00.0209 4476 TapiSrv - ok 12:43:00.0271 4476 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 12:43:00.0333 4476 TBS - ok 12:43:00.0443 4476 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 12:43:00.0552 4476 Tcpip - ok 12:43:00.0630 4476 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 12:43:00.0692 4476 TCPIP6 - ok 12:43:00.0739 4476 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 12:43:00.0801 4476 tcpipreg - ok 12:43:00.0833 4476 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 12:43:00.0864 4476 TDPIPE - ok 12:43:00.0926 4476 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 12:43:00.0973 4476 TDTCP - ok 12:43:01.0051 4476 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 12:43:01.0145 4476 tdx - ok 12:43:01.0191 4476 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 12:43:01.0223 4476 TermDD - ok 12:43:01.0285 4476 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 12:43:01.0394 4476 TermService - ok 12:43:01.0425 4476 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 12:43:01.0441 4476 Themes - ok 12:43:01.0472 4476 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 12:43:01.0519 4476 THREADORDER - ok 12:43:01.0535 4476 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 12:43:01.0597 4476 TrkWks - ok 12:43:01.0706 4476 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 12:43:01.0769 4476 TrustedInstaller - ok 
12:43:01.0815 4476 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 12:43:01.0878 4476 tssecsrv - ok 12:43:01.0956 4476 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 12:43:02.0034 4476 TsUsbFlt - ok 12:43:02.0112 4476 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 12:43:02.0190 4476 tunnel - ok 12:43:02.0221 4476 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 12:43:02.0252 4476 uagp35 - ok 12:43:02.0283 4476 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 12:43:02.0299 4476 UBHelper - ok 12:43:02.0346 4476 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 12:43:02.0455 4476 udfs - ok 12:43:02.0502 4476 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 12:43:02.0549 4476 UI0Detect - ok 12:43:02.0595 4476 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 12:43:02.0627 4476 uliagpkx - ok 12:43:02.0689 4476 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 12:43:02.0736 4476 umbus - ok 12:43:02.0783 4476 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 12:43:02.0845 4476 UmPass - ok 12:43:02.0970 4476 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 12:43:03.0017 4476 UNS - ok 12:43:03.0079 4476 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 12:43:03.0095 4476 Updater Service - ok 12:43:03.0126 4476 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 12:43:03.0204 4476 upnphost - ok 12:43:03.0282 4476 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 12:43:03.0329 4476 USBAAPL64 - ok 12:43:03.0391 4476 [ 
82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 12:43:03.0438 4476 usbaudio - ok 12:43:03.0500 4476 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 12:43:03.0516 4476 usbccgp - ok 12:43:03.0594 4476 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 12:43:03.0656 4476 usbcir - ok 12:43:03.0687 4476 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 12:43:03.0734 4476 usbehci - ok 12:43:03.0765 4476 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 12:43:03.0828 4476 usbhub - ok 12:43:03.0875 4476 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 12:43:03.0937 4476 usbohci - ok 12:43:03.0999 4476 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 12:43:04.0062 4476 usbprint - ok 12:43:04.0093 4476 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 12:43:04.0155 4476 usbscan - ok 12:43:04.0202 4476 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:43:04.0280 4476 USBSTOR - ok 12:43:04.0327 4476 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 12:43:04.0358 4476 usbuhci - ok 12:43:04.0421 4476 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 12:43:04.0483 4476 usbvideo - ok 12:43:04.0514 4476 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 12:43:04.0577 4476 UxSms - ok 12:43:04.0592 4476 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 12:43:04.0608 4476 VaultSvc - ok 12:43:04.0686 4476 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 12:43:04.0717 4476 vdrvroot - ok 12:43:04.0779 4476 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 12:43:04.0873 4476 vds - ok 12:43:04.0920 
4476 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 12:43:04.0935 4476 vga - ok 12:43:04.0951 4476 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 12:43:04.0998 4476 VgaSave - ok 12:43:05.0060 4476 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 12:43:05.0107 4476 vhdmp - ok 12:43:05.0169 4476 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 12:43:05.0185 4476 viaide - ok 12:43:05.0247 4476 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 12:43:05.0263 4476 volmgr - ok 12:43:05.0325 4476 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 12:43:05.0372 4476 volmgrx - ok 12:43:05.0388 4476 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 12:43:05.0419 4476 volsnap - ok 12:43:05.0466 4476 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 12:43:05.0481 4476 vsmraid - ok 12:43:05.0559 4476 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 12:43:05.0653 4476 VSS - ok 12:43:05.0684 4476 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 12:43:05.0747 4476 vwifibus - ok 12:43:05.0778 4476 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 12:43:05.0809 4476 vwififlt - ok 12:43:05.0856 4476 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 12:43:05.0903 4476 vwifimp - ok 12:43:05.0934 4476 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 12:43:05.0996 4476 W32Time - ok 12:43:06.0027 4476 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 12:43:06.0059 4476 WacomPen - ok 12:43:06.0137 4476 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 12:43:06.0230 4476 WANARP - ok 12:43:06.0246 4476 
[ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 12:43:06.0293 4476 Wanarpv6 - ok 12:43:06.0371 4476 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 12:43:06.0527 4476 wbengine - ok 12:43:06.0558 4476 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 12:43:06.0605 4476 WbioSrvc - ok 12:43:06.0667 4476 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 12:43:06.0729 4476 wcncsvc - ok 12:43:06.0761 4476 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 12:43:06.0823 4476 WcsPlugInService - ok 12:43:06.0854 4476 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 12:43:06.0870 4476 Wd - ok 12:43:06.0948 4476 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 12:43:06.0995 4476 Wdf01000 - ok 12:43:07.0026 4476 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 12:43:07.0119 4476 WdiServiceHost - ok 12:43:07.0119 4476 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 12:43:07.0151 4476 WdiSystemHost - ok 12:43:07.0197 4476 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 12:43:07.0275 4476 WebClient - ok 12:43:07.0307 4476 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 12:43:07.0385 4476 Wecsvc - ok 12:43:07.0416 4476 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 12:43:07.0494 4476 wercplsupport - ok 12:43:07.0525 4476 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 12:43:07.0603 4476 WerSvc - ok 12:43:07.0650 4476 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 12:43:07.0681 4476 WfpLwf - ok 12:43:07.0697 4476 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 12:43:07.0712 4476 WIMMount - ok 
12:43:07.0743 4476 WinDefend - ok 12:43:07.0759 4476 WinHttpAutoProxySvc - ok 12:43:07.0821 4476 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 12:43:07.0931 4476 Winmgmt - ok 12:43:08.0024 4476 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 12:43:08.0180 4476 WinRM - ok 12:43:08.0289 4476 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 12:43:08.0352 4476 WinUsb - ok 12:43:08.0399 4476 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 12:43:08.0430 4476 Wlansvc - ok 12:43:08.0617 4476 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:43:08.0664 4476 wlidsvc - ok 12:43:08.0726 4476 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 12:43:08.0757 4476 WmiAcpi - ok 12:43:08.0789 4476 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 12:43:08.0851 4476 wmiApSrv - ok 12:43:08.0898 4476 WMPNetworkSvc - ok 12:43:08.0929 4476 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 12:43:08.0960 4476 WPCSvc - ok 12:43:09.0007 4476 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 12:43:09.0038 4476 WPDBusEnum - ok 12:43:09.0069 4476 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 12:43:09.0116 4476 ws2ifsl - ok 12:43:09.0147 4476 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 12:43:09.0163 4476 wscsvc - ok 12:43:09.0163 4476 WSearch - ok 12:43:09.0257 4476 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 12:43:09.0366 4476 wuauserv - ok 12:43:09.0428 4476 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 12:43:09.0506 4476 WudfPf - ok 12:43:09.0522 4476 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 
12:43:09.0584 4476 WUDFRd - ok
12:43:09.0631 4476 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:43:09.0678 4476 wudfsvc - ok
12:43:09.0725 4476 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:43:09.0803 4476 WwanSvc - ok
12:43:09.0834 4476 ================ Scan global ===============================
12:43:09.0865 4476 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:43:09.0912 4476 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:43:09.0959 4476 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:43:09.0974 4476 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:43:10.0005 4476 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:43:10.0005 4476 [Global] - ok
12:43:10.0005 4476 ================ Scan MBR ==================================
12:43:10.0021 4476 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:43:10.0489 4476 \Device\Harddisk0\DR0 - ok
12:43:10.0489 4476 ================ Scan VBR ==================================
12:43:10.0489 4476 [ 120B6DB1BD966B52A21DD2B55D7FF2E3 ] \Device\Harddisk0\DR0\Partition1
12:43:10.0489 4476 \Device\Harddisk0\DR0\Partition1 - ok
12:43:10.0520 4476 [ 4457D88FF58A4EBC1635A985FC7A98E0 ] \Device\Harddisk0\DR0\Partition2
12:43:10.0536 4476 \Device\Harddisk0\DR0\Partition2 - ok
12:43:10.0536 4476 ============================================================
12:43:10.0536 4476 Scan finished
12:43:10.0536 4476 ============================================================
12:43:10.0551 5548 Detected object count: 5
12:43:10.0551 5548 Actual detected object count: 5
12:44:00.0690 5548 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:44:00.0690 5548 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:44:00.0706 5548 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:44:00.0706 5548 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:44:00.0706 5548 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:44:00.0706 5548 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:44:00.0706 5548 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:44:00.0706 5548 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:44:00.0706 5548 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:44:00.0706 5548 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14.05.2013, 12:00 | #4 |
/// Malwareteam / Visitor | In my opinion it already looks fairly clean.
Please download AdwCleaner to your desktop.
14.05.2013, 15:14 | #5 |
Oh, that sounds good so far. Here is the Zoek log:
Code:
Zoek.exe Version 4.0.0.2 Updated 12-May-2013
Tool run by Administrator on 14.05.2013 at 16:07:42,89.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results14.05.2013-1606.log 35080 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"=-

AdwCleaner log file:
Code:
# AdwCleaner v2.300 - File created 14/05/2013 at 16:18:37
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Administrator - HAINSI
# Boot mode : Normal
# Running from : C:\Users\Claudi\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Sasha\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Sasha\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Sasha\AppData\Roaming\pdfforge

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (de)

File : C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default\prefs.js

[OK] File is clean.

File : C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\prefs.js

Deleted : user_pref("icqtoolbar.allowSendURL", false);
Deleted : user_pref("icqtoolbar.engineVerified", true);
Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Deleted : user_pref("icqtoolbar.history", "studivz.de||volksbank%20riesa||Avatar%20DVD||Satie%20Klingelton||Vo[...]
Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Deleted : user_pref("icqtoolbar.previousFFVersion", "3.6.3");
Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Deleted : user_pref("icqtoolbar.suggestions", false);
Deleted : user_pref("icqtoolbar.uninstStatSent", true);
Deleted : user_pref("icqtoolbar.uniqueID", "123530524412353052441235314986329");
Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1270753163);
Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Deleted : user_pref("icqtoolbar.xmlLanguage", "de");

File : C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\prefs.js

Deleted : user_pref("icqtoolbar.allowSendURL", false);
Deleted : user_pref("icqtoolbar.engineVerified", true);
Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Deleted : user_pref("icqtoolbar.history", "studivz.de||volksbank%20riesa||Avatar%20DVD||Satie%20Klingelton||Vo[...]
Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Deleted : user_pref("icqtoolbar.previousFFVersion", "3.6.3");
Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Deleted : user_pref("icqtoolbar.suggestions", false);
Deleted : user_pref("icqtoolbar.uninstStatSent", true);
Deleted : user_pref("icqtoolbar.uniqueID", "123530524412353052441235314986329");
Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1270753163);
Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Deleted : user_pref("icqtoolbar.xmlLanguage", "de");

File : C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\sde4qaok.default\prefs.js

[OK] File is clean.

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zmz3mvt4.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7466 octets] - [14/05/2013 16:18:37]

########## EOF - \AdwCleaner[S1].txt - [7526 octets] ##########
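The AppInit_DLLs entries in the AdwCleaner log above are the security-relevant find in this post, so here is an added audit script for them (written for this page; it is not AdwCleaner's, the forum's or the poster's code). On Windows 7 the value lives under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, with a separate copy under Wow6432Node for 32-bit processes, which is why AdwCleaner lists one [x64] and one plain entry per DLL. While LoadAppInit_DLLs is 1, every DLL named there is loaded into every process that links user32.dll, which makes the value a favourite persistence spot for toolbars and for worse things. The script parses a `reg export` of those two keys; the export below is constructed to mirror the deleted values, and the flag values in it are assumptions. A real export is UTF-16, so open the file with encoding="utf-16".

```python
import re

# Constructed .reg export modelled on the AdwCleaner entries above
# (hypothetical flag values; not the poster's real registry). On the live
# machine it would come from:
#   reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" appinit64.reg
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\WIA6EB~1\\Datamngr\\x64\\datamngr.dll C:\\PROGRA~2\\WIA6EB~1\\Datamngr\\x64\\IEBHO.dll"
"LoadAppInit_DLLs"=dword:00000001
"RequireSignedAppInit_DLLs"=dword:00000000
"DeviceNotSelectedTimeout"="15"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
"""

APPINIT_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
)
# Assumption: %SystemRoot% is C:\Windows; DLLs outside these two folders are suspect.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')


def unescape(s: str) -> str:
    """Undo the .reg quoting: doubled backslashes and escaped quotes."""
    return s.replace("\\\\", "\\").replace('\\"', '"')


def parse_reg(text: str) -> dict:
    """Minimal .reg parser: {key: {value_name: data}}. Quoted data becomes a
    str, dword: data an int; other types (hex:, multi-line hex) are kept raw.
    Default values (@=) and comment lines are ignored."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m["key"], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            data = m["data"]
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                value = unescape(data[1:-1])
            elif data.startswith("dword:"):
                value = int(data[6:], 16)
            else:
                value = data
            current[unescape(m["name"])] = value
    return keys


def audit_appinit(keys: dict) -> list:
    """One finding per DLL listed in either AppInit_DLLs value, with the
    reasons an analyst would care about."""
    findings = []
    for key in APPINIT_KEYS:
        vals = keys.get(key, {})
        raw = vals.get("AppInit_DLLs", "")
        dlls = [d for d in re.split(r"[ ,]+", raw) if d]   # space- or comma-separated
        if not dlls:
            continue
        active = vals.get("LoadAppInit_DLLs", 0) == 1
        signed_only = vals.get("RequireSignedAppInit_DLLs", 0) == 1
        for dll in dlls:
            reasons = ["injected into every user32 process" if active
                       else "dormant (LoadAppInit_DLLs != 1)"]
            if not signed_only:
                reasons.append("RequireSignedAppInit_DLLs is 0")
            if not dll.lower().startswith(SYSTEM_DIRS):
                reasons.append("outside the Windows system directory")
            if "~" in dll:
                reasons.append("8.3 short name hides the real folder name")
            findings.append({"key": key, "dll": dll, "active": active, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_appinit(parse_reg(SAMPLE_REG)):
        print(f"{'ACTIVE ' if f['active'] else 'dormant'} {f['dll']}")
        for r in f["reasons"]:
            print("    -", r)
```

Run it against exports of both keys after cleanup as well: an empty AppInit_DLLs value with LoadAppInit_DLLs still at 1 is harmless, but a re-populated value after a reboot means something restored it.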
14.05.2013, 18:06 | #6 |
/// Malwareteam / Visitor | Do this check as well: please download SecurityCheck and:
14.05.2013, 19:17 | #7 |
Security Check log:
Code:
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 29
Java 7 Update 13
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Mozilla Firefox (20.0.1)
Mozilla Thunderbird (17.0.5)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
15.05.2013, 08:24 | #8 |
/// Malwareteam / Visitor | Do this check: https://www.mozilla.org/de/plugincheck/ Have the outdated plugins updated. If there are no more problems, I think we are done.
15.05.2013, 08:52 | #9 |
Good, I have updated everything that was outstanding, rebooted the computer again, and there is nothing unusual. Great, many thanks for the quick help, I'm thrilled!!! What do I do with all the installed programs? Can I uninstall them all? Or is it advisable to at least leave Malwarebytes on? Kind regards, Malwarto

Now Firefox has crashed again after all (2x). I don't know, can that still be related to this, since I never had it before? This message usually appears when I have had the browser open for a while. "Mozilla Crash Reporter: A problem occurred and Firefox crashed. It will try to restore your tabs and windows when it restarts. To help us identify and fix this problem, you can send us a crash report..." Is there anything else I can do to fix the problem?

Now I have something else. While booting just now Malwarebytes reported and found something again: Spyware.Fareit, and moved it to quarantine.
Code:
2013/05/15 08:56:52 +0200 HAINSI (null) MESSAGE Executing scheduled update: Daily
2013/05/15 08:56:54 +0200 HAINSI (null) MESSAGE Starting protection
2013/05/15 08:56:54 +0200 HAINSI (null) MESSAGE Protection started successfully
2013/05/15 08:56:54 +0200 HAINSI (null) MESSAGE Starting IP protection
2013/05/15 08:56:58 +0200 HAINSI (null) MESSAGE IP Protection started successfully
2013/05/15 08:57:06 +0200 HAINSI (null) MESSAGE Starting database refresh
2013/05/15 08:57:06 +0200 HAINSI (null) MESSAGE Scheduled update executed successfully: database updated from version v2013.05.14.01 to version v2013.05.15.05
2013/05/15 08:57:06 +0200 HAINSI (null) MESSAGE Stopping IP protection
2013/05/15 08:57:06 +0200 HAINSI (null) MESSAGE IP Protection stopped successfully
2013/05/15 08:57:08 +0200 HAINSI (null) MESSAGE Database refreshed successfully
2013/05/15 08:57:08 +0200 HAINSI (null) MESSAGE Starting IP protection
2013/05/15 08:57:12 +0200 HAINSI (null) MESSAGE IP Protection started successfully
2013/05/15 09:44:12 +0200 HAINSI Claudi MESSAGE Starting protection
2013/05/15 09:44:13 +0200 HAINSI Claudi MESSAGE Protection started successfully
2013/05/15 09:44:13 +0200 HAINSI Claudi MESSAGE Starting IP protection
2013/05/15 09:44:17 +0200 HAINSI Claudi MESSAGE IP Protection started successfully
2013/05/15 15:04:19 +0200 HAINSI (null) MESSAGE Starting protection
2013/05/15 15:04:19 +0200 HAINSI (null) MESSAGE Protection started successfully
2013/05/15 15:04:19 +0200 HAINSI (null) MESSAGE Starting IP protection
2013/05/15 15:04:23 +0200 HAINSI (null) MESSAGE IP Protection started successfully
2013/05/15 15:08:21 +0200 HAINSI Claudi DETECTION C:\Users\Claudi\AppData\Local\Temp\mixerje.exe Spyware.Fareit QUARANTINE

Thanks, I hope it's OK that I'm adding these things here too.
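The protection-log lines in the post above are easy to triage mechanically, and doing so answers the two questions an analyst asks first: which signature database was loaded when the DETECTION fired, and where on disk the file was. Below is an added Python example (written for this page; not Malwarebytes' code and not the poster's) that parses lines in that layout, carries the database version forward from the update MESSAGE lines, and flags executables sitting in temp or download folders, where a dropper from a mail attachment typically lands. The sample log is constructed from the format shown above; the second DETECTION line, its path and its threat name are invented to give the location check a contrasting case.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the Malwarebytes 1.x protection-log layout shown in
# the post (not the poster's real file). The last line is invented.
SAMPLE_LOG = """\
2013/05/15 08:56:52 +0200 HAINSI (null) MESSAGE Executing scheduled update: Daily
2013/05/15 08:57:06 +0200 HAINSI (null) MESSAGE Scheduled update executed successfully: database updated from version v2013.05.14.01 to version v2013.05.15.05
2013/05/15 09:44:12 +0200 HAINSI Claudi MESSAGE Starting protection
2013/05/15 15:04:23 +0200 HAINSI (null) MESSAGE IP Protection started successfully
2013/05/15 15:08:21 +0200 HAINSI Claudi DETECTION C:\\Users\\Claudi\\AppData\\Local\\Temp\\mixerje.exe Spyware.Fareit QUARANTINE
2013/05/15 15:10:02 +0200 HAINSI Claudi DETECTION C:\\Program Files (x86)\\Example Vendor\\helper.exe PUP.Optional.Example ALLOW
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>MESSAGE|DETECTION) (?P<rest>.*)$"
)
DB_UPDATE_RE = re.compile(r"database updated from version (\S+) to version (\S+)")

# Assumption: a simple path heuristic. Executables dropped here deserve a
# closer look than ones installed under Program Files.
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\downloads\\")


@dataclass
class Event:
    when: datetime
    host: str
    user: str
    kind: str
    text: str


@dataclass
class Detection:
    when: datetime
    user: str
    path: str
    threat: str
    action: str
    db_version: str
    suspicious_location: bool


def parse_log(text: str) -> list:
    """Turn the raw protection log into Event records, silently skipping
    lines that do not match the layout instead of crashing on them."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        events.append(Event(when, m["host"], m["user"], m["kind"], m["rest"]))
    return events


def triage(text: str) -> list:
    """Extract DETECTION events, annotated with the signature database version
    in force at that moment and a path-based suspicion flag."""
    db_version = "unknown"
    found = []
    for ev in parse_log(text):
        if ev.kind == "MESSAGE":
            m = DB_UPDATE_RE.search(ev.text)
            if m:
                db_version = m.group(2)   # version the engine runs from now on
            continue
        # DETECTION text is "<path> <threat> <action>"; the path may contain
        # spaces, so split the last two fields off from the right.
        path, threat, action = ev.text.rsplit(" ", 2)
        low = path.lower()
        found.append(Detection(
            when=ev.when, user=ev.user, path=path, threat=threat, action=action,
            db_version=db_version,
            suspicious_location=any(d in low for d in SUSPICIOUS_DIRS),
        ))
    return found


if __name__ == "__main__":
    for d in triage(SAMPLE_LOG):
        flag = "SUSPICIOUS LOCATION" if d.suspicious_location else "normal location"
        print(f"{d.when:%Y-%m-%d %H:%M} {d.user:8} {d.action:10} {d.threat:22} "
              f"db={d.db_version} {flag}\n    {d.path}")
```

Keeping the database version next to each detection matters for the timeline: a file the real-time scanner only catches hours after the database update, as in the post above, was most likely written or executed after that update rather than missed by the earlier scans.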
15.05.2013, 22:10 | #10 |
/// Malwareteam / Visitor | Can you also post the Malwarebytes scan log for me? This one is the protection log.
16.05.2013, 08:51 | #11 |
Malwarebytes showed the detection by itself yesterday without me running a scan, and moved it to quarantine, so there is surely no log for that, is there? I have just started another scan, which found nothing more.
Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Claudi :: HAINSI [limited]

Protection: Enabled

16.05.2013 09:38:29
mbam-log-2013-05-16 (09-38-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203425
Time elapsed: 8 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Should I delete it??
16.05.2013, 08:57 | #12 | |
/// Malwareteam / Visitor | Quote:
Do the following as well: please download zoek.exe from here: http://hijackthis.nl/smeenk/
16.05.2013, 09:13 | #13 |
Well, the thing won't let itself be deleted... Here is the Zoek log:
Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 15-May-2013 Tool run by Administrator on 16.05.2013 at 10:02:41,09. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results14.05.2013-1606.log 35080 bytes C:\zoek-results14.05.2013-1610.log 485 bytes ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-04-26 10:00:18 079AA86246996F5192821A6FFD2ADC61 303171855 ----a-w- C:\Windows\MEMORY.DMP ====== C:\Users\ADMINI~1\AppData\Local\Temp ==== ====== C:\Windows\SysWOW64 ===== 2013-05-15 09:29:33 49834B94A8E8383B700EDDEF46C2AE6A 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2013-05-15 09:29:33 28AEB03752D716BF149DBC93A9ACC17E 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll 2013-05-15 09:29:32 DFDBC397D0DDBD1AFA3CB400D4C003A9 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2013-05-15 09:29:31 F59A16A9418044C1D505C53DA370B099 2046976 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2013-05-15 09:29:31 5915AA67DECA289F7B4AFB686CDB09E9 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-15 09:29:31 52AA8A8DA4175580F365D275EB53DBE3 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2013-05-15 09:29:31 3CC9825BFFE7B7429C8B79B0395ACDA8 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2013-05-15 09:29:31 366D8EA2ADCBA228C9487BC6D2427DDC 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll 2013-05-15 09:29:30 65C95886E1B17001ADDF163AC18C5525 1130496 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2013-05-15 09:29:29 0142341520F0A0F2B0E312335B96705B 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll 2013-05-15 09:29:28 C9A062F32FF600C96795B43CD9A53151 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2013-05-15 09:29:28 03180AFD271BFD88813F428421BC4A1A 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2013-05-15 09:29:27 5ABB3F36AF17007F33FA275E96A2C95E 1767424 ----a-w- C:\Windows\SysWOW64\wininet.dll 2013-05-15 09:29:25 7A468BC721C1D34E60389D3F2F87BBEA 14323712 
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] -> {HKLM...Wow...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub -> {HKLM...Wow...CLSID} = Adobe PDF Link Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Spybot-S&D IE Protection \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [Safer-Networking Ltd.] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Windows Live ID-Anmelde-Hilfsprogramm \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] -> {HKLM...Wow...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] 
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Notifier BHO \InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll [Google Inc.] -> {HKLM...Wow...CLSID} = Google Toolbar Notifier BHO \InProcServer32\(Default) = C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [Google Inc.] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] -> {HKLM...Wow...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ egisPSDP\(Default) = {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} -> {HKLM...CLSID} = DragDropProtect Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [Egis Technology Inc.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ egisPSDP\(Default) = {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} -> {HKLM...Wow...CLSID} = DragDropProtect Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [Egis Technology Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} = eDS psd drag drop protection -> {HKLM...CLSID} = DragDropProtect Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [Egis Technology Inc.] 
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension -> {HKLM...CLSID} = DisplayCplExt Class \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.] {5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.] {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = Shell Extension for Malware scanning -> {HKLM...CLSID} = Shell Extension for Malware scanning \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = 
CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext -> {HKLM...CLSID} = Enterprise-Projekte \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS] {D1079645-619B-4D0B-8FD5-1008B95134E1} = PureSync Shell Extension -> {HKLM...CLSID} = PureSync Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\PureSync\shellext\psshell64.dll [Jumping Bytes] {44176360-2BBF-4EC1-93CE-384B8681A0BC} = SDECon64 -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM...CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} = eDS psd drag drop protection -> {HKLM...Wow...CLSID} = DragDropProtect Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [Egis Technology Inc.] 
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...Wow...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS] {D1079645-619B-4D0B-8FD5-1008B95134E1} = PureSync Shell Extension -> {HKLM...Wow...CLSID} = PureSync Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\PureSync\shellext\psshell32.dll [Jumping Bytes] {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo 
Gallery Autoplay Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {44176360-2BBF-4EC1-93CE-384B8681A0BC} = SDECon32 -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <<!>> BootExecute = autocheck autochk *| [file not found]|sdnclean64.exe [Safer Networking Limited] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov] EDSshellExt\(Default) = {29FF7AB0-BE34-4992-A30B-53A9D86EE239} -> {HKLM...CLSID} = eDSshlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [Egis Technology Inc.] 
-> {HKLM...Wow...CLSID} = eDSshlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlshellext.dll [Egis Technology Inc.] PureSync\(Default) = {D1079645-619B-4d0b-8FD5-1008B95134E1} -> {HKLM...CLSID} = PureSync Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\PureSync\shellext\psshell64.dll [Jumping Bytes] -> {HKLM...Wow...CLSID} = PureSync Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\PureSync\shellext\psshell32.dll [Jumping Bytes] SDECon32\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.] -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.] SDECon64\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.] -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.] Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A} -> {HKLM...CLSID} = Shell Extension for Malware scanning \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. 
KG] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] ShredderContextMenu\(Default) = {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} -> {HKLM...CLSID} = ShredContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [Egis Technology Inc.] -> {HKLM...Wow...CLSID} = ShredContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec Shredder\x86\ShredderContextMenu.dll [Egis Technology Inc.] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov] EDSshellExt\(Default) = {29FF7AB0-BE34-4992-A30B-53A9D86EE239} -> {HKLM...CLSID} = eDSshlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [Egis Technology Inc.] -> {HKLM...Wow...CLSID} = eDSshlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlshellext.dll [Egis Technology Inc.] 
PureSync\(Default) = {D1079645-619B-4d0b-8FD5-1008B95134E1} -> {HKLM...CLSID} = PureSync Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\PureSync\shellext\psshell64.dll [Jumping Bytes] -> {HKLM...Wow...CLSID} = PureSync Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\PureSync\shellext\psshell32.dll [Jumping Bytes] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000} -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] SDECon32\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.] -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.] 
SDECon64\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.] -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.] Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A} -> {HKLM...CLSID} = Shell Extension for Malware scanning \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG] Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\Windows\System32\Acer.scr [null data] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ BridgeCS3ImportMediaOnArrival\ Provider = Adobe Bridge CS3 InvokeProgID = Adobe.adobebridge InvokeVerb = launch HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = C:\Program Files (x86)\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1 [Adobe Systems, Inc.] CanonCWDCEventHandler\ Provider = Canon CameraWindow ProgID = CwDC.AutoplayHandler HKLM\SOFTWARE\Classes\CwDC.AutoplayHandler\CLSID\(Default) = {CB7F044B-4400-48a4-8FEF-23B8D0D986EC} -> {HKLM...CLSID} = Canon CameraWindow \LocalServer32\(Default) = "C:\Program Files (x86)\Canon\CameraWindow\CameraWindowLauncher\CameraLauncher.exe" [CANON INC.] 
CanonZB4PicturesOnArrival\ Provider = Canon ZoomBrowser EX InvokeProgID = Zb.AutoplayHandler InvokeVerb = open HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = C:\Program Files (x86)\Canon\ZoomBrowser EX MCU\MCULauncher.exe [null data] CDBurnerXP\ Provider = CDBurnerXP InvokeProgID = CDBurnerXPOpen InvokeVerb = open HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = "C:\Program Files\CDBurnerXP\cdbxpp.exe" /od "%1" [null data] Fotoimport1320-38\ Provider = CEWE FOTOIMPORTER InvokeProgID = Fotoimport1320-38 InvokeVerb = play HKLM\SOFTWARE\Classes\Fotoimport1320-38\shell\play\command\(Default) = "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOIMPORTER.exe" -startDirectory %1 [null data] Fotoschau1320-38\ Provider = CEWE FOTOSCHAU InvokeProgID = Fotoschau1320-38 InvokeVerb = play HKLM\SOFTWARE\Classes\Fotoschau1320-38\shell\play\command\(Default) = "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d %1 [null data] iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] 
MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMPBurnCDOnArrival\ Provider = 
@wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] NTIBurner\ Provider = NTI Media Maker InvokeProgID = NTIBurnerOpen InvokeVerb = open HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = "C:\Program Files (x86)\NTI\NTI Media Maker 9\Launcher.exe" [null data] PDVD9PlayCDAudioOnArrival\ Provider = PowerDVD 9 InvokeProgID = AudioCD InvokeVerb = PlayWithPowerDVD9 HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.] PDVD9PlayDVDMovieOnArrival\ Provider = PowerDVD 9 InvokeProgID = DVD InvokeVerb = PlayWithPowerDVD9 HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.] PDVD9PlaySVCDOnArrival\ Provider = PowerDVD 9 InvokeProgID = SVCD InvokeVerb = PlayWithPowerDVD9 HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.] PDVD9PlayVCDMovieOnArrival\ Provider = PowerDVD 9 InvokeProgID = VCD InvokeVerb = PlayWithPowerDVD9 HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.] 
SonyPMBImportPicturesOnArrival\ Provider = PMB InvokeProgID = SonyPMB.VolumeAutoPlay InvokeVerb = launch HKLM\SOFTWARE\Classes\SonyPMB.VolumeAutoPlay\shell\launch\command\(Default) = C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe /autoplay /path %1 [Sony Corporation] SpybotScanFiles\ Provider = Spybot - Search & Destroy InvokeProgID = SpybotFilesScanner InvokeVerb = scanfiles HKLM\SOFTWARE\Classes\SpybotFilesScanner\shell\scanfiles\command\(Default) = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe" [Safer-Networking Ltd.] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] AdobeAAMUpdater-1.0-Hainsi-Sasha -> launches: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled [Adobe Systems Incorporated] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] User_Feed_Synchronization-{4442C2EB-4F17-4641-B024-FA47B8AA3F3D} -> (HIDDEN!) 
launches: C:\Windows\system32\msfeedssync.exe sync [MS] {02DC4BCB-13D4-4C80-893E-13F59A015B2A} -> launches: "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/privacy?source=lightinstaller [Mozilla Corporation] {1BE8E7B3-797B-425A-8FEE-6365602B7DD9} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Sasha\Desktop\No23Recorder.exe -d C:\Users\Sasha\Desktop [MS] {8B01EDC9-1A5D-4FF5-A990-C2B293F897AE} -> launches: C:\Windows\system32\pcalua.exe -a D:\install_spanisch.exe -d D:\ [MS] {9131E624-BD8E-4EA2-A13A-0C69CA65C745} -> launches: C:\Windows\system32\pcalua.exe -a D:\Programme\7Zip\7z465.exe -d D:\Programme\7Zip [MS] {E15F1729-B598-47D6-A6D0-F5644C8AB36B} -> launches: "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/privacy?source=lightinstaller [Mozilla Corporation] C:\Windows\System32\Tasks\Apple AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] 
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) 
launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS] MediaCenterRecoveryTask -> launches: 
%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) 
launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) 
launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) 
launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Defender MP Scheduled Scan -> (HIDDEN!) 
launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy Check for updates -> launches: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe /autoupdate /silent /autoclose [Safer-Networking Ltd.] Refresh immunization -> launches: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe /immunize /silent /autoclose [Safer-Networking Ltd.] Scan the system -> launches: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe /scan /cleanclose [Safer-Networking Ltd.] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-2127498475-2954064385-2103805440-1003 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.] 
000000000006\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000008\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000009\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] 000000000006\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000008\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000009\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...Wow...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = An OneNote senden MenuText = An OneNote s&enden CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = Verknüpfte &OneNote-Notizen MenuText = Verknüpfte &OneNote-Notizen CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = An OneNote senden MenuText = An OneNote s&enden CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = Verknüpfte &OneNote-Notizen MenuText = Verknüpfte &OneNote-Notizen CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...Wow...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ MenuText = Spybot - Search && Destroy Configuration CLSIDExtension = {53707962-6F74-2D53-2644-206D7942484F} -> {HKLM...Wow...CLSID} = Spybot-S&D IE Protection \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [Safer-Networking Ltd.] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Acer ePower Service, ePowerSvc, C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [Acer Incorporated] Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD] Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] Avira Echtzeit Scanner, AntiVirService, "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [Avira Operations GmbH & Co. KG] Avira Planer, AntiVirSchedulerService, "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [Avira Operations GmbH & Co. KG] Dienst "Bonjour", Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] Dritek WMI Service, DsiWMIService, C:\Program Files (x86)\Launch Manager\dsiwmis.exe [Dritek System Inc.]
GREGService, GREGService, C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [Acer Incorporated] HP CUE DeviceDiscovery Service, hpqddsvc, C:\Windows\system32\svchost.exe -k hpdevmgmt {C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [Hewlett-Packard Co.]} HP Network Devices Support, HPSLPSVC, C:\Windows\system32\svchost.exe -k HPService {C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC64.DLL [Hewlett-Packard Co.]} hpqcxs08, hpqcxs08, C:\Windows\system32\svchost.exe -k hpdevmgmt {C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [Hewlett-Packard Co.]} Intel(R) Management & Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation] Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation] Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data] iPod-Dienst, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.] 
MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation] MBAMService, MBAMService, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [Malwarebytes Corporation] Microsoft .NET Framework NGEN v4.0.30319_X64, clr_optimization_v4.0.30319_64, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [MS] Microsoft .NET Framework NGEN v4.0.30319_X86, clr_optimization_v4.0.30319_32, C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [MS] Net Driver HPZ12, Net Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZinw12.dll [Hewlett-Packard]} NTI IScheduleSvc, NTI IScheduleSvc, C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [NewTech Infosystems, Inc.] PMBDeviceInfoProvider, PMBDeviceInfoProvider, "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [Sony Corporation] Pml Driver HPZ12, Pml Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZipm12.dll [Hewlett-Packard]} Spybot-S&D 2 Scanner Service, SDScannerService, C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [Safer-Networking Ltd.] Spybot-S&D 2 Security Center Service, SDWSCService, C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [Safer-Networking Ltd.] Spybot-S&D 2 Updating Service, SDUpdateService, C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [Safer-Networking Ltd.] 
Updater Service, Updater Service, C:\Program Files\Acer\Acer Updater\UpdaterService.exe [Acer Group] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <<!>> MCODS, HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> MCODS, Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ hpf3l101.dll\Driver = hpf3l101.dll [Hewlett-Packard Company] LIDIL hpzlllhn\Driver = hpzlllhn.dll [Hewlett-Packard Company] PCL hpz3llhn\Driver = hpz3llhn.dll [Hewlett-Packard Company] pdfcmon\Driver = pdfcmon.dll [pdfforge GbR]
16.05.2013, 09:52 | #14
/// Malwareteam / Visitor | Debt collection email with zip attachment opened, trojan found with Malwarebytes
Does the Firefox problem occur for all users or only for one particular user?
16.05.2013, 11:55 | #15
So far the Firefox crash has only been noticed for the user Claudi. The other user accounts are rarely used, though. Here is the Zoek log.

Zoek.exe Version 4.0.0.2 Updated 15-May-2013
Tool run by Administrator on 16.05.2013 at 12:51:14,88.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode
Internet Access Detected

==== Older Logs ======================

C:\zoek-results14.05.2013-1606.log 35080 bytes
C:\zoek-results14.05.2013-1610.log 485 bytes
C:\zoek-results16.05.2013-1011.log 94489 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"cxrvtxxn"=-
"iuxksuul"=-

==== Deleting Files \ Folders ======================

"C:\Users\Claudi\Zzrhrhb" not found
"C:\Users\Administrator\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\*" not found
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0507975091.data" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0507975091.quar" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1786873297.data" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1786873297.quar" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8401147501.data" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8401147501.quar" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9125248524.data" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9125248524.quar" deleted
"C:\Users\Claudi\AppData\Local\Temp\Bbcpfwm" deleted