Plagegeister aller Art und deren Bekämpfung: GVU trojan (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
30.05.2013, 13:54 | #1

GVU trojan

Hi again... new problem... In another thread I am working on my neighbour's laptop with Leo, and out of boredom I passed the time on my own computer... now I have caught the GVU trojan on that one too... (I have a talent for stepping right in it.) I followed the first instruction from the other thread and ran OTL; here are the logs.

Code:
OTL logfile created on: 30.05.2013 14:30:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = j:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 79,02% Memory free 7,73 Gb Paging File | 6,93 Gb Available in Paging File | 89,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918,39 Gb Total Space | 666,61 Gb Free Space | 72,58% Space Free | Partition Type: NTFS Drive D: | 13,02 Gb Total Space | 1,80 Gb Free Space | 13,82% Space Free | Partition Type: NTFS Drive E: | 7,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive J: | 7,26 Gb Total Space | 7,26 Gb Free Space | 99,99% Space Free | Partition Type: FAT32 Computer Name: CAROLIN-RECHNER | User Name: Ted2011 | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.28 01:09:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- j:\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2013.02.19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) 
[Auto | Stopped] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2013.02.19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2013.02.19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2011.11.10 05:11:32 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.05.15 15:05:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.26 00:05:10 | 000,384,048 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012.08.30 17:46:30 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.04.25 20:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.05.02 23:34:28 | 005,027,328 | ---- | M] (Moonware Studios) [Disabled | Stopped] -- C:\Program Files (x86)\wLite\wService.exe -- (wxpSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.12.17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2013.02.19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2013.02.19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2013.02.19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2013.02.19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2013.02.19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2013.02.19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.04.20 17:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.11.10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.11.10 04:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.07.28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010.04.09 04:24:48 | 000,059,392 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10) DRV:64bit: - [2010.03.28 22:03:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.01.07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187) DRV:64bit: - [2009.11.19 09:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.10.02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.09.17 07:58:38 | 000,026,624 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60) DRV:64bit: - [2009.08.21 02:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.08.05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.19 23:48:42 | 000,702,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2008.05.02 10:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64) DRV:64bit: - [2007.07.23 07:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1) DRV:64bit: - [2007.03.27 18:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) DRV:64bit: - [2007.03.20 09:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B60D4390-21CD-4E13-89EC-6CE6745F553C} IE:64bit: - HKLM\..\SearchScopes\{B60D4390-21CD-4E13-89EC-6CE6745F553C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {B60D4390-21CD-4E13-89EC-6CE6745F553C} IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=fsy&s={searchTerms}&f=4&hl={language}&src=chrm IE - HKLM\..\SearchScopes\{B60D4390-21CD-4E13-89EC-6CE6745F553C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {B60D4390-21CD-4E13-89EC-6CE6745F553C} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {B60D4390-21CD-4E13-89EC-6CE6745F553C} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - 
HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\..\SearchScopes,DefaultScope = {B60D4390-21CD-4E13-89EC-6CE6745F553C} IE - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1a14b3710000000000004061867aaeb0&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program 
Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ted2011\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ted2011\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\program files (x86)\Mozilla Firefox\components [2012.10.23 22:40:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\program files (x86)\Mozilla Firefox\plugins [2012.10.17 19:57:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.05.27 23:24:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF [2010.10.16 14:00:58 | 000,000,000 | ---D | M] [2010.03.28 16:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted2011\AppData\Roaming\mozilla\Extensions [2012.12.14 13:55:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted2011\AppData\Roaming\mozilla\Firefox\Profiles\fnm7dgp8.default\extensions [2010.10.15 13:08:48 | 000,002,055 | ---- | M] () -- C:\Users\Ted2011\AppData\Roaming\mozilla\firefox\profiles\fnm7dgp8.default\searchplugins\daemon-search.xml [2010.10.16 14:00:54 | 000,003,915 | ---- | M] () -- 
C:\Users\Ted2011\AppData\Roaming\mozilla\firefox\profiles\fnm7dgp8.default\searchplugins\sweetim.xml [2012.10.23 22:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.10.23 22:40:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.26 18:11:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2006.08.09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npWebLaunch.dll [2012.10.23 22:40:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.23 22:40:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.23 22:40:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.03.10 17:00:26 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchFsy.xml [2012.10.23 22:40:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.23 22:40:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.23 22:40:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: about:blank CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Ted2011\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ted2011\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ted2011\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: thriXXX WebLaunch (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npWebLaunch.dll CHR - plugin: DivX Web Player 
(Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Ted2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: AT_AnnaSui = C:\Users\Ted2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_1\ CHR - Extension: Google-Suche = C:\Users\Ted2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google Mail = C:\Users\Ted2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2010.07.12 22:16:48 | 000,000,910 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 216.239.59.99 hxxp://www.youporn.com O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong) O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files 
(x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3:64bit: - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{134C91A2-C05D-4D1E-9252-B8BC91D3F49D}: DhcpNameServer = 192.168.3.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) 
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004 Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004 Winlogon: Shell - (C:\Users\Ted2011\AppData\Roaming\AltShell.dat) - C:\Users\Ted2011\AppData\Roaming\AltShell.dat () O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) 
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.10.26 18:45:39 | 000,779,496 | R--- | M] (BioWare) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2009.10.26 23:21:41 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{95ba8214-d7fa-11df-8647-4061867aaeb0}\Shell - "" = AutoRun O33 - MountPoints2\{95ba8214-d7fa-11df-8647-4061867aaeb0}\Shell\AutoRun\command - "" = K:\SBM_Setup.exe O33 - MountPoints2\{d9c4e712-016c-11df-bcf5-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d9c4e712-016c-11df-bcf5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009.10.26 18:45:39 | 000,779,496 | R--- | M] (BioWare) O33 - MountPoints2\{fb64380a-2208-11df-ae96-4061867aaeb0}\Shell - "" = AutoRun O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009.10.26 18:45:39 | 000,779,496 | R--- | M] (BioWare) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.30 14:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.05.28 01:09:44 | 000,000,000 | ---D | C] -- C:\Users\Ted2011\Desktop\trbord [2013.05.15 18:57:48 | 
000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.15 18:57:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.15 18:57:48 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.15 18:57:47 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.15 18:57:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.15 18:57:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.15 18:57:47 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.15 18:57:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.15 18:57:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.15 18:57:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.15 18:57:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.15 18:57:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.15 18:57:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.15 18:57:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.15 18:57:44 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.15 13:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.05.15 13:33:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.15 13:15:43 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 13:15:43 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 13:15:33 
| 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 13:15:33 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 13:15:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 13:15:33 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 13:15:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.30 14:25:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.30 14:25:51 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys [2013.05.30 11:44:52 | 000,000,004 | ---- | M] () -- C:\Users\Ted2011\AppData\Roaming\AltShell.ini [2013.05.30 11:29:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2286582126-1764155742-3075240171-1001UA.job [2013.05.30 11:28:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2286582126-1764155742-3075240171-1004UA.job [2013.05.30 11:23:11 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.30 11:23:11 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.30 11:15:52 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.29 00:06:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.29 00:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.28 23:28:30 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2286582126-1764155742-3075240171-1004Core.job 
[2013.05.27 23:37:59 | 001,642,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.27 23:37:59 | 000,707,316 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.27 23:37:59 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.27 23:37:59 | 000,152,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.27 23:37:59 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.27 23:10:14 | 000,339,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.15 15:05:18 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.15 15:05:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.15 14:29:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2286582126-1764155742-3075240171-1001Core.job [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.30 11:43:12 | 000,000,004 | ---- | C] () -- C:\Users\Ted2011\AppData\Roaming\AltShell.ini [2013.03.11 22:03:55 | 000,000,153 | ---- | C] () -- C:\ProgramData\5136356.reg [2013.03.11 22:03:55 | 000,000,062 | ---- | C] () -- C:\ProgramData\5136356.bat [2012.10.18 09:46:20 | 000,023,245 | ---- | C] () -- C:\Users\Ted2011\AppData\Roaming\UserTile.png [2012.04.17 20:57:38 | 000,007,614 | ---- | C] () -- C:\Users\Ted2011\AppData\Local\Resmon.ResmonCfg [2012.01.11 11:44:24 | 000,031,232 | ---- | C] () -- C:\Users\Ted2011\AppData\Roaming\AltShell.dat [2011.11.10 04:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.10 04:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.02.21 23:50:00 | 000,166,802 | ---- | C] () -- 
C:\Users\Ted2011\Desktop.pdf [2010.09.07 18:40:23 | 000,002,008 | ---- | C] () -- C:\Users\Ted2011\AppData\Roaming\wklnhst.dat [2010.03.23 01:22:53 | 000,000,095 | ---- | C] () -- C:\Users\Ted2011\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" 
= Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
Code:
OTL Extras logfile created on: 30.05.2013 14:30:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = j:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 79,02% Memory free
7,73 Gb Paging File | 6,93 Gb Available in Paging File | 89,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,39 Gb Total Space | 666,61 Gb Free Space | 72,58% Space Free | Partition Type: NTFS
Drive D: | 13,02 Gb Total Space | 1,80 Gb Free Space | 13,82% Space Free | Partition Type: NTFS
Drive E: | 7,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 7,26 Gb Total Space | 7,26 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Computer Name: CAROLIN-RECHNER | User Name: Ted2011 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{093535CF-E3FD-426F-84D0-43893C168709}" = rport=137 | protocol=17 | dir=out | app=system | "{1A258324-BFDF-4C2E-8307-5CA22F3E5BB0}" = rport=138 | protocol=17 | dir=out | app=system | "{22D697CA-32F6-4375-B3DD-766DD8F554D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{33A7B0D0-AC6E-4CB5-8CCB-D74F66F98DED}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{370F58B8-25B0-4D48-BAB4-0DAFE1D7F176}" = rport=139 | protocol=6 | dir=out | app=system | "{3B4D4BEF-A399-485B-AC13-BDF886754512}" = 
lport=445 | protocol=6 | dir=in | app=system | "{3E33C59F-B74B-46BC-978E-4D7BA38D8DF0}" = lport=137 | protocol=17 | dir=in | app=system | "{47114CBE-023B-43D3-81E6-8628F4503585}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{471D382F-0602-417B-9E57-B4865C860AA9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4B722872-F47C-496F-81C3-A3D19783F9CA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{59DAE0B0-0ADB-456E-B63B-826B86CCC7D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{61B70D06-44FB-465C-98AF-E3808CD5853C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{65FA5E69-94B6-48EB-A963-2BB0ED3BFB24}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{68FFF8CE-3369-4872-AA10-238E37AB586B}" = rport=445 | protocol=6 | dir=out | app=system | "{6C0A04FC-AD59-42D6-85DB-8AC0FC3BCCC7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{71D2102A-5590-46EA-956B-BC87D7E6013B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7613FC83-9273-4E4D-99E4-0AE55531D0A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7B1D0AE6-47DD-4E60-AD38-A3DB3ED1C0E0}" = lport=3389 | protocol=6 | dir=in | app=system | "{7C901DE5-58BD-428E-8A1A-3AE1D564127D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{821482A2-14C7-4E8D-AA83-D5B1E11876D7}" = lport=138 | protocol=17 | dir=in | app=system | "{8F961C12-1FCD-49CA-AC54-42BBDF2C39C8}" = lport=2869 | protocol=6 | dir=in | app=system | "{90113960-D34D-455C-8A67-50E5241E49B2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A46E4651-D897-45CB-AAF5-E84926D509AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A94F9701-3765-4885-8E89-621962B49CF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B1579F27-7B3B-4B1B-856F-2A30D59A1210}" = rport=10243 | protocol=6 | dir=out | app=system | "{BBAF7EDB-FF2B-4918-96AC-7FD5AE8321FB}" = lport=10243 | protocol=6 | dir=in | app=system | "{C0D85EEC-584C-4929-AB5F-30C7370F41C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C74DF835-8F67-4FDF-9B6A-5B0CE3027EB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C96C1BA7-6165-49C7-BFB7-BDBF072F4595}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CE63E895-88B8-434F-9150-98E59134842D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D00C0538-B95A-4D4B-B18A-2E28B3AD3AF2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D9E4F0BB-D811-49F5-92CC-152BE59E9904}" = lport=139 | protocol=6 | dir=in | app=system | "{E5804824-E1A8-4189-A83D-468DD63AE824}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F7D0A294-8352-4DB1-AB61-DAEFF662F9DD}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0532023F-7C06-44AF-B99A-B7BC110C1474}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{06AB8B74-0EF9-4A0D-BD02-ECB2B530A680}" = protocol=6 | dir=out | app=system | "{0D13D576-6FD4-49D3-889E-780BF4A4A811}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{10029F8D-BB25-48BF-9EE7-EDE4D41645E8}" = protocol=17 | 
dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{13F4E983-3915-443B-91BD-762D62DA7D00}" = protocol=17 | dir=in | app=c:\program files\black prophecy\bin\win32\blackprophecy.exe | "{16D47493-265E-4666-A8E4-7709504B7FA8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{1B4A4507-7979-4DB6-B215-9F2019D91458}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1DFA5D3A-D9D9-4A7C-A59A-B62BA42F4093}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{1EAE276A-A8E7-4BA6-A6A9-AA26D39ABA77}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{1FCDD148-BC4F-48C9-A9E2-047ABDA1556B}" = protocol=6 | dir=in | app=c:\program files (x86)\wlite\wlite.exe | "{20F0F300-DF68-4CB7-839C-BBE8F7F826A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{23DBC34B-3A75-4ECB-AFEF-28CDAD8CE15E}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | "{25A618BC-D05D-48C3-90AF-EB5181D9167D}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe | "{25EF91A2-21B1-4CE3-BA93-350B062F910B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2E377B3E-766B-4DAC-BD3D-6CAA505D3269}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{311E5705-B12A-427F-A25C-EC78616BE416}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3397AF2B-3235-4A82-8C9C-4476AD21E61D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{3433BDCE-6E70-4C2F-8325-675440B7892F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{36511323-D8D1-4D45-A20F-1892EB6E98FB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe 
edition\bf2142.exe | "{3C87638B-20D3-407E-BFA6-20FF5B02E435}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{3E527099-B5D8-4D54-B78B-8309CF42FE09}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{40C8C478-8C74-4BFD-A790-B8B2266960F5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{4126F27D-790E-40FF-B587-A3CBF6838D6A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{44CE82E9-9E96-4D5F-8E8D-5579673B0AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{44D471BA-A058-4E86-846B-A2227A8F7BB8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{458BFA7C-8930-46A8-8E08-904C5230219D}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe | "{48BAEF06-1238-41AA-B137-110D2E9D72E0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{4C446E2D-5DE9-46AD-8AA1-85DA08AA4E09}" = protocol=6 | dir=in | app=c:\program files\black prophecy\bin\win32\blackprophecy.exe | "{506F7E0F-BAB4-4F83-BF76-F19493C608B9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{52D36215-6AC8-4E63-A580-7D0934D51E45}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{53181518-E0BA-4A3A-A1AB-08BA1A724DB9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{58B06C11-1C75-42A3-86A1-694A77DE0B95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5B750C84-7629-4A86-87E3-1D3F8BD53807}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{5DCFED8E-3E8C-48B4-92A1-C2372C356766}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6365AA4B-B0FE-4141-8053-78EDEC010EB0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{63CBA916-D8DB-43AF-B2BB-9E2694C7D938}" 
= protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{64D1C5C7-5A42-4250-8544-69CF0A8DE44E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{688AB139-E5D7-4C9C-A14C-5CDDEE7823B4}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe | "{6AEE5D01-7A4B-4EE9-BC8D-9F182A417C08}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe | "{6B75DA70-BFFB-4484-8E47-8FC7B757CAA0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{7502B38A-362D-4890-A908-C01B0B910FAE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{766E9C13-F7EE-47F1-9265-70C7BE1CBF03}" = protocol=17 | dir=in | app=c:\program files\black prophecy\bin\win32\launcher.exe | "{780CBED6-7F00-4046-B95B-3CD70D136912}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{79FF42FA-1A14-4199-95F3-0630E89307CA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{7D90C756-AD4F-48AF-8041-D307A429B679}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7EA656D2-EF5B-4997-9DCE-B214327CB259}" = protocol=17 | dir=in | app=c:\program files (x86)\wlite\wservice.exe | "{818BFE81-C713-412B-850A-7F87D4A71098}" = protocol=17 | dir=in | app=c:\program files (x86)\wlite\wlite.exe | "{836002E2-AC2D-4313-9392-A8D67ADE0D90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{84216EFF-24A6-403C-BC04-255CBB09883C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{857C2B5E-9B69-4E11-AF61-93068F0B87CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{86EF046E-1D67-4A7E-980C-3CF20834F5A3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{8D69A237-01B4-410A-9C5B-81F8C730AD19}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9020608F-195A-4BEC-B1B2-ABF5C552CBF1}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{9AC107D1-007F-4DC1-B514-9B24B43B205C}" = protocol=6 | dir=in | app=c:\program files\black prophecy\bin\win32\patcher.exe | "{9B1FB592-72F3-450A-B44C-36A560FEFDD1}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe | "{9DC4E4E0-E3F3-48C9-83CD-341EBF9A0E2F}" = protocol=6 | dir=in | app=c:\program files (x86)\wlite\wservice.exe | "{9E6CAA7C-0E88-4E52-9D9F-3A84B88357FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A3CA3AEC-3370-4A2F-A4F6-50133C3BAD0E}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{A8B5D872-F1AF-4A56-B461-7893C7BDB029}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AD2A7EB5-238C-40EC-A074-6DE9CC735335}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{B7F159DC-6F60-4AE3-8CF9-9EAA0EE25EDC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe | "{BE98679A-B4C3-4556-AB88-1960BB45B90A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C2649CFB-2134-4EE4-9AD0-C62EB18B3E68}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{C434466D-B970-4B50-9741-E5A0420027D9}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe | "{CCDD5AB1-A906-47BE-AB05-DA9317362CDE}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D22574AD-4EEF-4D21-9181-83ED7C9E511C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{D238C799-4096-4C9F-9177-79785147EF9D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{D43C466C-4EDD-487F-BE67-AE1946612887}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D576B086-C1D6-44FB-8F58-D5CA17B78ADE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E51CD941-3701-43FE-A4D8-364F894FC5C0}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | "{EACE18DC-F5CC-4187-90EE-2FF3B25BC9F4}" = protocol=6 | dir=in | app=c:\program files\black prophecy\bin\win32\launcher.exe | "{EAFFEB5E-54AD-4813-B546-03E15EA4EC41}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F3088427-862F-44E1-9D8B-E17AF2E9C3B5}" = protocol=17 | dir=in | app=c:\program files\black prophecy\bin\win32\patcher.exe | "{F836C76D-A86A-4BCE-8FC8-75F47C9CB353}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{FAAA7B58-5018-40A0-8B01-64BC02FBF87E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{FC2A8638-3970-4FE0-B9DC-17A9F1865099}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "TCP Query User{0DAD10FE-98F8-4FCD-9E8F-9C49CB899C64}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | "TCP Query User{13DCE341-1DE7-4CAC-B84F-2DA47FB8A39D}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe | "TCP Query User{2164D2EA-054B-43D2-B0A8-1FCFAEEDF64D}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "TCP Query User{40B02BA3-8BE6-4E4B-ABF2-D13284C53255}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query 
User{4C474A2B-B127-419C-9157-E5791EFDDF52}C:\users\ted2011\downloads\wow-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\ted2011\downloads\wow-dede-installer-downloader.exe | "TCP Query User{5344D5EB-8783-4E61-9C8D-B3D1ECFC3759}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{5787AE41-93D6-4A00-B069-4DD860976209}C:\windows\syswow64\ipcamera.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\ipcamera.exe | "TCP Query User{578CE39D-FFF4-4A69-926E-EA36054D041D}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | "TCP Query User{5A8D6A4F-5468-4E92-8CDA-004BA4E7B836}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "TCP Query User{64489637-AB72-46F5-8668-60C785A3D4BF}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | "TCP Query User{66CA4B9A-9C67-40C0-A398-0530DCAF9762}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | "TCP Query User{6D7001AB-F296-4B41-BFE1-F9084B842100}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | "TCP Query User{A5BA70F7-90CE-4826-9A65-C2F4CF49254A}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game | "TCP Query User{AC2163E3-F5DB-47F3-AE97-2B604E75BC06}C:\windows\syswow64\ipcamera.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\ipcamera.exe | "TCP Query 
User{BDE4C037-7620-4960-B216-A911990F4A5C}J:\michel-sps\0s-skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=j:\michel-sps\0s-skypeportable\app\skype\phone\skype.exe | "TCP Query User{D174AC11-2DE8-464C-8D14-F409EB5F2E1E}C:\program files (x86)\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "TCP Query User{DED79A7B-B99B-41E5-8CBF-F6E9DEA36193}C:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe | "TCP Query User{E452FE19-2E1A-4FDD-BDBC-2210E4EC712C}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe | "TCP Query User{E5BED7F8-EA9A-4F13-B9E7-13DB9556E67D}C:\farmhelper\fvbot.exe" = protocol=6 | dir=in | app=c:\farmhelper\fvbot.exe | "TCP Query User{F44B6F1F-2619-4E94-8AFB-AE0ECE009C34}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{13538CEA-8EC2-4148-9A5B-89B813A4CABD}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | "UDP Query User{1428F033-B458-42D2-99C5-E627E45DAA1F}J:\michel-sps\0s-skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=j:\michel-sps\0s-skypeportable\app\skype\phone\skype.exe | "UDP Query User{1432A0F5-7B73-4D8F-9326-7D27CD0EB615}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | "UDP Query User{21E81EF5-417F-444C-A4BA-626430CE896C}C:\program files (x86)\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "UDP Query User{39061AB3-6012-450F-B058-ECB2D41A9845}C:\program files (x86)\internet explorer\iexplore.exe" = 
protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{4FDDCEB9-E049-41CF-8E84-2C6E53B05049}C:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe | "UDP Query User{55CA909B-9D85-4B09-99D2-FC9D38201030}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe | "UDP Query User{62D0AC08-7822-4A0C-A352-632633F5A6EA}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | "UDP Query User{657AA368-6CE7-4BDA-B762-7B6789944409}C:\farmhelper\fvbot.exe" = protocol=17 | dir=in | app=c:\farmhelper\fvbot.exe | "UDP Query User{65EC0795-FD6F-4A2B-BFE3-C99CDA69D976}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe | "UDP Query User{6F78BDFE-C4E4-4D18-9C74-F95B3FA4AA10}C:\windows\syswow64\ipcamera.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\ipcamera.exe | "UDP Query User{742EB0C1-800F-4523-935B-6EEC20DAFF15}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "UDP Query User{7C1AF122-F4C3-4F36-A273-AD809576215B}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | "UDP Query User{84BC520F-0AC2-41C7-8071-44A0C64ADF5E}C:\windows\syswow64\ipcamera.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\ipcamera.exe | "UDP Query User{C6A421D2-F923-47AD-B944-05B5D7EB15BB}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | "UDP Query User{C736FB10-6BED-4CEC-9949-C2DDDF312D51}C:\program files (x86)\google\google 
earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{C8702D7B-8B2F-482D-8FD9-C9F2B2F6A9CB}C:\users\ted2011\downloads\wow-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\ted2011\downloads\wow-dede-installer-downloader.exe | "UDP Query User{D43A73A0-5E33-49B3-8558-3B026A31A90C}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | "UDP Query User{E32458BE-701B-4B49-8944-477FFEC4FA0E}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game | "UDP Query User{E35D2DBA-F69C-440A-9B4D-B3D8709EF863}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager "{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour-Druckdienste "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour 
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "EPSON Stylus SX200 Series" = Druckerdeinstallation für EPSON Stylus SX200 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "OfficeTrial" = Testversion von Microsoft Office Home and Student 2007 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0A64756B-89CD-4C79-BD2A-AD0CA1B322DE}" = Weight Loss Oracle "{0C171CF9-E6CB-427F-B1E8-55637C603586}_is1" = FarmHelper "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0FBCF6E4-1F1A-4729-940F-A354CC84A770}" = Mobile Mouse Server "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression "{1A2606DD-5E86-4ADA-954B-D98012A174E0}" = ocxinstall "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2AE2EFF4-A14B-42AB-B364-F04DB651180F}" = Z Engine "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3D6A24EA-A543-6C84-351E-D7646E7AB86E}" = Catalyst Control Center InstallProxy "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{55A9EAFE-D20C-4DCA-8BE1-3C71AEE92BCF}" = BotCLLSetup "{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58D7E559-CE30-452A-A1B0-362454CAE5A6}" = LOADSTREET Easy Tools für Win 7 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{6F96D81F-92C9-456F-9F32-65471323A9ED}" = DedicatedServer "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{77532A3D-454A-48EA-BA8D-57892361E47C}" = BotCLLSetup "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{795288DC-2652-44A5-99FD-2ECDF3C633BF}" = SweetIM for Messenger 3.3 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.1 "{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8463E56B-A986-4ACB-AD13-DDFC950BED2C}" = Gewichtslogger "{852019C5-8AF7-4ECF-BB25-79AE53FBD245}_is1" = Strassenbau Simulator 1.2.16 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable 
- KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{944B9BCC-0499-47E0-A1D7-941DC2732612}" = korAccount 3 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{aa61503e-7e94-4ed1-9daf-1b1b60d75f2e}" = Nero 9 Lite "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy "{C3DF1C57-780A-DB9C-F30A-68EB45526761}" = Catalyst Control Center InstallProxy "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade 
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition "{ED704A92-B0BB-4969-AE50-727B0A856DEB}_is1" = Sonderfahrzeug-Simulator 2012 Version 1.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7efeb9935159a92ad4e101276c2a02bb" = Delicious - Emily's Childhood Memories Premium Edition "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BabylonToolbar" = Babylon toolbar "Black Prophecy_is1" = Black Prophecy "Cheat Engine 6.0_is1" = Cheat 
Engine 6.0 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Setup.divx.com" = DivX-Setup "EA Download Manager" = EA Download Manager "Easy Macro Recorder_is1" = Easy Macro Recorder 3.82 "EasyBits Magic Desktop" = Magic Desktop "ElsterFormular 11.2.0.4074" = ElsterFormular "eMule" = eMule "EPSON Scanner" = EPSON Scan "FarmingSimulator2011_PLATINUMDE_is1" = Landwirtschafts Simulator 2011 "Freelancer 1.0" = Freelancer "GiftBox+" = GiftBox+ "HP Remote Solution" = HP Remote Solution "ImgBurn" = ImgBurn "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan "IP Camera" = IP Camera "IrfanView" = IrfanView (remove only) "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MSC" = McAfee Internet Security Suite "Origin" = Origin "PDF Blender" = PDF Blender "PriceGong" = PriceGong 2.1.0 "Scribus 1.3.8" = Scribus 1.3.8 "sniper_de_is1" = Sniper - Art of Victory "Sniper2005_is1" = Sniper v. 
2.33 "Star Trek Online" = Star Trek Online "Starpoint Gemini1.010 DE" = Starpoint Gemini "Totalcmd" = Total Commander (Remove or Repair) "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 0.9.9 "Vuze_Remote Toolbar" = Vuze_Remote Toolbar "WEB.DE Club SmartFax" = WEB.DE Club SmartFax "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite_Wave3" = Windows Live Essentials "Woodcutter Simulator" = Woodcutter Simulator "X3TerranConflict_is1" = X3 Terran Conflict v3.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2286582126-1764155742-3075240171-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Bejeweled 3 Deluxe" = Bejeweled 3 Deluxe "Big City Adventure - New York City Deluxe" = Big City Adventure - New York City Deluxe "Cake Mania Main Street Deluxe" = Cake Mania Main Street Deluxe "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.03.2012 19:07:40 | Computer Name = Carolin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.03.2012 19:08:38 | Computer Name = Carolin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 18.03.2012 19:08:38 | Computer Name = Carolin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.03.2012 19:07:35 | Computer Name = Carolin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.03.2012 19:31:35 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 19.03.2012 19:32:53 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. 
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 20.03.2012 19:07:39 | Computer Name = Carolin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 20.03.2012 19:09:11 | Computer Name = Carolin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.03.2012 04:16:10 | Computer Name = Carolin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 21.03.2012 04:16:42 | Computer Name = Carolin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.03.2012 04:16:42 | Computer Name = Carolin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.03.2012 04:35:49 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 21.03.2012 04:37:33 | Computer Name = Carolin-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. 
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ Hewlett-Packard Events ] Error - 26.03.2010 11:00:23 | Computer Name = Carolin-PC | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) Error - 26.03.2010 11:00:24 | Computer Name = Carolin-PC | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. 
mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) Error - 18.04.2012 05:10:55 | Computer Name = Carolin-PC | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. 
mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) [ System Events ] Error - 30.05.2013 08:25:57 | Computer Name = Carolin-Rechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "McAfee Firewall Core Service" ist vom Dienst "McAfee Validation Trust Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.05.2013 08:25:57 | Computer Name = Carolin-Rechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "McAfee Anti-Spam Service" ist vom Dienst "McAfee Firewall Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.05.2013 08:25:57 | Computer Name = Carolin-Rechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "McAfee Proxy Service" ist vom Dienst "McAfee Firewall Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.05.2013 08:25:57 | Computer Name = Carolin-Rechner | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD DfsC discache mfehidk NetBIOS 
NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf Error - 30.05.2013 08:27:59 | Computer Name = Carolin-Rechner | Source = DCOM | ID = 10005 Description = Error - 30.05.2013 08:27:59 | Computer Name = Carolin-Rechner | Source = DCOM | ID = 10005 Description = Error - 30.05.2013 08:28:00 | Computer Name = Carolin-Rechner | Source = DCOM | ID = 10005 Description = Error - 30.05.2013 08:27:59 | Computer Name = Carolin-Rechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.05.2013 08:29:59 | Computer Name = Carolin-Rechner | Source = DCOM | ID = 10005 Description = Error - 30.05.2013 08:30:40 | Computer Name = Carolin-Rechner | Source = DCOM | ID = 10005 Description = < End of report > |
30.05.2013, 13:57 | #2 |
/// Malware-holic | GVU trojan Hi,
When passing the time, you should stay away from porn sites and from illegal streams like Kinox.to; they are all malware slingers. OTL fix Fix with OTL
Code:
:OTL
O20 - HKU\S-1-5-21-2286582126-1764155742-3075240171-1004 Winlogon: Shell - (C:\Users\Ted2011\AppData\Roaming\AltShell.dat) - C:\Users\Ted2011\AppData\Roaming\AltShell.dat ()
[2013.05.30 11:44:52 | 000,000,004 | ---- | M] () -- C:\Users\Ted2011\AppData\Roaming\AltShell.ini
:files
:Commands
[emptytemp]
Boot into normal mode. If you have no icons, then right-click, View, Show desktop icons. Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ |
30.05.2013, 14:26 | #3 |
| GVU trojan The upload worked
Yes, there are some things one shouldn't do
Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-2286582126-1764155742-3075240171-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Ted2011\AppData\Roaming\AltShell.dat deleted successfully. C:\Users\Ted2011\AppData\Roaming\AltShell.dat moved successfully. C:\Users\Ted2011\AppData\Roaming\AltShell.ini moved successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AppData User: Carolin ->Temp folder emptied: 480622716 bytes ->Temporary Internet Files folder emptied: 368483869 bytes ->Java cache emptied: 18617 bytes ->FireFox cache emptied: 564784680 bytes ->Google Chrome cache emptied: 402559371 bytes ->Flash cache emptied: 280336 bytes User: Chris I Pad1 ->Temp folder emptied: 145605 bytes ->Temporary Internet Files folder emptied: 912851 bytes ->Flash cache emptied: 41620 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gast ->Temp folder emptied: 2907401 bytes ->Temporary Internet Files folder emptied: 1229496 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 42259 bytes User: Public User: Ted2011 ->Temp folder emptied: 160401914 bytes ->Temporary Internet Files folder emptied: 387504378 bytes ->Java cache emptied: 7113701 bytes ->FireFox cache emptied: 61525090 bytes ->Google Chrome cache emptied: 285853782 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 81766 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 155648 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 456420627 bytes 
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43742113 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 3.076,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05302013_150711 Files\Folders moved on Reboot... File\Folder C:\Users\Carolin\AppData\Local\Temp\[Torrentreactor.to] - Eclipse Biss Zum Abendrot TELESYNC XviD-iLG.torrent not found! File\Folder C:\Users\Carolin\AppData\Local\Temp\[Torrentreactor.to] - Twilight Saga Eclipse Biss zum abendrot TELESYNC German XviD-CiNEJUNKiEZ.torrent not found! C:\Users\Ted2011\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
30.05.2013, 14:28 | #4 |
/// Malware-holic | GVU trojan Especially since watching, for example, cinema films that obviously cannot have ended up there legally can, in the worst case, get expensive for you. And these people don't put that up for you because they are good people; they make real money with it, and from there it is probably not a long way to working with the malware authors to plunder people even further, through ransomware, or looting bank accounts, data theft, etc. Anyone who then doesn't even follow the simplest rules, such as keeping software up to date, shouldn't be surprised. Please download TDSSKiller.exe and save this file to the desktop
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
30.05.2013, 14:38 | #5 |
| GVU trojan Well, I had no problems with that site until today, I always watch my anime there... well, not anymore now ..... Code:
ATTFilter 15:30:50.0508 4316 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:30:51.0397 4316 ============================================================ 15:30:51.0397 4316 Current date / time: 2013/05/30 15:30:51.0397 15:30:51.0397 4316 SystemInfo: 15:30:51.0397 4316 15:30:51.0397 4316 OS Version: 6.1.7601 ServicePack: 1.0 15:30:51.0397 4316 Product type: Workstation 15:30:51.0397 4316 ComputerName: CAROLIN-RECHNER 15:30:51.0397 4316 UserName: Ted2011 15:30:51.0397 4316 Windows directory: C:\Windows 15:30:51.0397 4316 System windows directory: C:\Windows 15:30:51.0397 4316 Running under WOW64 15:30:51.0397 4316 Processor architecture: Intel x64 15:30:51.0397 4316 Number of processors: 4 15:30:51.0397 4316 Page size: 0x1000 15:30:51.0397 4316 Boot type: Normal boot 15:30:51.0397 4316 ============================================================ 15:30:51.0959 4316 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:30:51.0975 4316 Drive \Device\Harddisk1\DR1 - Size: 0x1D11B0000 (7.27 Gb), SectorSize: 0x200, Cylinders: 0x3B4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 15:30:51.0975 4316 ============================================================ 15:30:51.0975 4316 \Device\Harddisk0\DR0: 15:30:51.0975 4316 MBR partitions: 15:30:51.0975 4316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:30:51.0975 4316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72CC9800 15:30:51.0975 4316 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72CFC000, BlocksNum 0x1A0A000 15:30:51.0975 4316 \Device\Harddisk1\DR1: 15:30:51.0975 4316 MBR partitions: 15:30:51.0975 4316 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xE86E00 15:30:51.0975 4316 ============================================================ 15:30:52.0021 4316 C: <-> 
\Device\Harddisk0\DR0\Partition2 15:30:52.0068 4316 D: <-> \Device\Harddisk0\DR0\Partition3 15:30:52.0068 4316 ============================================================ 15:30:52.0068 4316 Initialize success 15:30:52.0068 4316 ============================================================ 15:31:43.0252 3044 ============================================================ 15:31:43.0252 3044 Scan started 15:31:43.0252 3044 Mode: Manual; SigCheck; TDLFS; 15:31:43.0252 3044 ============================================================ 15:31:43.0595 3044 ================ Scan system memory ======================== 15:31:43.0595 3044 System memory - ok 15:31:43.0595 3044 ================ Scan services ============================= 15:31:43.0845 3044 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 15:31:44.0016 3044 1394ohci - ok 15:31:44.0125 3044 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 15:31:44.0219 3044 ACDaemon - ok 15:31:44.0266 3044 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 15:31:44.0297 3044 ACPI - ok 15:31:44.0359 3044 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 15:31:44.0500 3044 AcpiPmi - ok 15:31:44.0749 3044 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:31:44.0827 3044 AdobeFlashPlayerUpdateSvc - ok 15:31:44.0890 3044 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 15:31:44.0905 3044 adp94xx - ok 15:31:44.0999 3044 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 15:31:45.0046 3044 adpahci - ok 15:31:45.0077 3044 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 15:31:45.0093 3044 adpu320 - ok 15:31:45.0124 3044 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc 
C:\Windows\System32\aelupsvc.dll 15:31:45.0233 3044 AeLookupSvc - ok 15:31:45.0295 3044 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys 15:31:45.0358 3044 Afc - ok 15:31:45.0405 3044 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 15:31:45.0529 3044 AFD - ok 15:31:45.0561 3044 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:31:45.0576 3044 agp440 - ok 15:31:45.0592 3044 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 15:31:45.0639 3044 ALG - ok 15:31:45.0670 3044 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 15:31:45.0670 3044 aliide - ok 15:31:45.0717 3044 [ B3E801135E0C81733542C14D9AA8120A ] Alpham1 C:\Windows\system32\DRIVERS\Alpham164.sys 15:31:45.0841 3044 Alpham1 - ok 15:31:45.0873 3044 [ 6493983FEDBC49D9112703ECE9B251FE ] Alpham2 C:\Windows\system32\DRIVERS\Alpham264.sys 15:31:45.0951 3044 Alpham2 - ok 15:31:45.0982 3044 [ 5EC60409BD50953BD4F892B18840039E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 15:31:46.0075 3044 AMD External Events Utility - ok 15:31:46.0091 3044 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 15:31:46.0107 3044 amdide - ok 15:31:46.0122 3044 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 15:31:46.0185 3044 AmdK8 - ok 15:31:46.0372 3044 [ 322E5C178990F116F00E3D923F4E6B1C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 15:31:46.0575 3044 amdkmdag - ok 15:31:46.0590 3044 [ 961A81A84FDD700E361E8294528A37BA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 15:31:46.0699 3044 amdkmdap - ok 15:31:46.0731 3044 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 15:31:46.0762 3044 AmdPPM - ok 15:31:46.0809 3044 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:31:46.0902 3044 amdsata - ok 15:31:46.0918 3044 [ 
F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 15:31:46.0949 3044 amdsbs - ok 15:31:46.0965 3044 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:31:47.0043 3044 amdxata - ok 15:31:47.0089 3044 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 15:31:47.0230 3044 AppID - ok 15:31:47.0261 3044 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:31:47.0308 3044 AppIDSvc - ok 15:31:47.0355 3044 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 15:31:47.0479 3044 Appinfo - ok 15:31:47.0604 3044 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 15:31:47.0682 3044 Apple Mobile Device - ok 15:31:47.0713 3044 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 15:31:47.0729 3044 arc - ok 15:31:47.0729 3044 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 15:31:47.0745 3044 arcsas - ok 15:31:47.0901 3044 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 15:31:47.0994 3044 aspnet_state - ok 15:31:48.0041 3044 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:31:48.0119 3044 AsyncMac - ok 15:31:48.0181 3044 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 15:31:48.0181 3044 atapi - ok 15:31:48.0228 3044 [ D481083348138B4933ACFE95812DB71C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 15:31:48.0291 3044 AtiHdmiService - ok 15:31:48.0462 3044 [ 322E5C178990F116F00E3D923F4E6B1C ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 15:31:48.0587 3044 atikmdag - ok 15:31:48.0650 3044 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:31:48.0743 3044 AudioEndpointBuilder - ok 
15:31:48.0743 3044 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:31:48.0790 3044 AudioSrv - ok 15:31:48.0852 3044 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 15:31:48.0946 3044 AxInstSV - ok 15:31:48.0977 3044 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 15:31:49.0024 3044 b06bdrv - ok 15:31:49.0071 3044 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 15:31:49.0133 3044 b57nd60a - ok 15:31:49.0227 3044 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 15:31:49.0289 3044 BBSvc - ok 15:31:49.0352 3044 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 15:31:49.0414 3044 BBUpdate - ok 15:31:49.0461 3044 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 15:31:49.0492 3044 BDESVC - ok 15:31:49.0523 3044 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 15:31:49.0586 3044 Beep - ok 15:31:49.0679 3044 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 15:31:49.0773 3044 BFE - ok 15:31:49.0820 3044 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 15:31:49.0991 3044 BITS - ok 15:31:50.0007 3044 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 15:31:50.0038 3044 blbdrive - ok 15:31:50.0163 3044 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 15:31:50.0210 3044 Bonjour Service - ok 15:31:50.0256 3044 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:31:50.0350 3044 bowser - ok 15:31:50.0366 3044 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:31:50.0428 3044 BrFiltLo - ok 15:31:50.0459 3044 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 
15:31:50.0490 3044 BrFiltUp - ok 15:31:50.0522 3044 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 15:31:50.0615 3044 Browser - ok 15:31:50.0646 3044 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:31:50.0693 3044 Brserid - ok 15:31:50.0709 3044 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:31:50.0740 3044 BrSerWdm - ok 15:31:50.0756 3044 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:31:50.0787 3044 BrUsbMdm - ok 15:31:50.0802 3044 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:31:50.0818 3044 BrUsbSer - ok 15:31:50.0834 3044 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 15:31:50.0880 3044 BTHMODEM - ok 15:31:50.0912 3044 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 15:31:50.0974 3044 bthserv - ok 15:31:51.0021 3044 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:31:51.0099 3044 cdfs - ok 15:31:51.0146 3044 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 15:31:51.0239 3044 cdrom - ok 15:31:51.0302 3044 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 15:31:51.0395 3044 CertPropSvc - ok 15:31:51.0442 3044 [ D2B3252AD4EB499C935A56467997AA3C ] cfwids C:\Windows\system32\drivers\cfwids.sys 15:31:51.0504 3044 cfwids - ok 15:31:51.0520 3044 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 15:31:51.0567 3044 circlass - ok 15:31:51.0582 3044 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 15:31:51.0598 3044 CLFS - ok 15:31:51.0660 3044 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:31:51.0676 3044 clr_optimization_v2.0.50727_32 - ok 15:31:51.0723 3044 [ 
D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:31:51.0738 3044 clr_optimization_v2.0.50727_64 - ok 15:31:51.0832 3044 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:31:51.0941 3044 clr_optimization_v4.0.30319_32 - ok 15:31:52.0004 3044 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:31:52.0066 3044 clr_optimization_v4.0.30319_64 - ok 15:31:52.0097 3044 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:31:52.0113 3044 CmBatt - ok 15:31:52.0160 3044 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:31:52.0175 3044 cmdide - ok 15:31:52.0206 3044 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 15:31:52.0269 3044 CNG - ok 15:31:52.0284 3044 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:31:52.0300 3044 Compbatt - ok 15:31:52.0347 3044 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 15:31:52.0440 3044 CompositeBus - ok 15:31:52.0456 3044 COMSysApp - ok 15:31:52.0487 3044 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 15:31:52.0487 3044 crcdisk - ok 15:31:52.0550 3044 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:31:52.0659 3044 CryptSvc - ok 15:31:52.0721 3044 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 15:31:52.0768 3044 dc3d - ok 15:31:52.0815 3044 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:31:52.0893 3044 DcomLaunch - ok 15:31:52.0924 3044 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 15:31:52.0986 3044 defragsvc - ok 15:31:53.0018 3044 [ 
9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:31:53.0111 3044 DfsC - ok 15:31:53.0174 3044 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 15:31:53.0252 3044 Dhcp - ok 15:31:53.0283 3044 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 15:31:53.0314 3044 discache - ok 15:31:53.0345 3044 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 15:31:53.0361 3044 Disk - ok 15:31:53.0408 3044 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:31:53.0501 3044 Dnscache - ok 15:31:53.0564 3044 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 15:31:53.0673 3044 dot3svc - ok 15:31:53.0720 3044 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 15:31:53.0844 3044 DPS - ok 15:31:53.0891 3044 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:31:53.0907 3044 drmkaud - ok 15:31:53.0969 3044 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:31:54.0063 3044 DXGKrnl - ok 15:31:54.0078 3044 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 15:31:54.0125 3044 EapHost - ok 15:31:54.0188 3044 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 15:31:54.0297 3044 ebdrv - ok 15:31:54.0328 3044 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 15:31:54.0422 3044 EFS - ok 15:31:54.0500 3044 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:31:54.0593 3044 ehRecvr - ok 15:31:54.0624 3044 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 15:31:54.0671 3044 ehSched - ok 15:31:54.0702 3044 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 15:31:54.0734 3044 elxstor - ok 15:31:54.0843 3044 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE 15:31:54.0952 3044 EPSON_EB_RPCV4_01 - ok 15:31:54.0983 3044 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE 15:31:55.0077 3044 EPSON_PM_RPCV4_01 - ok 15:31:55.0124 3044 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:31:55.0139 3044 ErrDev - ok 15:31:55.0155 3044 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 15:31:55.0217 3044 EventSystem - ok 15:31:55.0248 3044 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 15:31:55.0295 3044 exfat - ok 15:31:55.0326 3044 ezSharedSvc - ok 15:31:55.0342 3044 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:31:55.0373 3044 fastfat - ok 15:31:55.0436 3044 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 15:31:55.0545 3044 Fax - ok 15:31:55.0560 3044 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:31:55.0592 3044 fdc - ok 15:31:55.0607 3044 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 15:31:55.0654 3044 fdPHost - ok 15:31:55.0701 3044 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 15:31:55.0748 3044 FDResPub - ok 15:31:55.0779 3044 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:31:55.0794 3044 FileInfo - ok 15:31:55.0810 3044 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:31:55.0872 3044 Filetrace - ok 15:31:55.0904 3044 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:31:55.0935 3044 flpydisk - ok 15:31:55.0982 3044 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:31:56.0028 3044 FltMgr - ok 15:31:56.0091 3044 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 15:31:56.0200 3044 FontCache - 
ok 15:31:56.0262 3044 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:31:56.0340 3044 FontCache3.0.0.0 - ok 15:31:56.0356 3044 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:31:56.0372 3044 FsDepends - ok 15:31:56.0450 3044 [ 53DAB1791917A72738539AD25C4EED7F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 15:31:56.0528 3044 fssfltr - ok 15:31:56.0621 3044 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 15:31:56.0699 3044 fsssvc - ok 15:31:56.0730 3044 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:31:56.0808 3044 Fs_Rec - ok 15:31:56.0855 3044 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:31:56.0902 3044 fvevol - ok 15:31:56.0918 3044 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 15:31:56.0933 3044 gagp30kx - ok 15:31:57.0027 3044 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 15:31:57.0120 3044 GamesAppService - ok 15:31:57.0167 3044 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 15:31:57.0245 3044 GEARAspiWDM - ok 15:31:57.0292 3044 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 15:31:57.0386 3044 gpsvc - ok 15:31:57.0432 3044 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:31:57.0495 3044 gupdate - ok 15:31:57.0542 3044 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:31:57.0557 3044 gupdatem - ok 15:31:57.0573 3044 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:31:57.0604 3044 hcw85cir - ok 15:31:57.0651 3044 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus 
C:\Windows\system32\drivers\HDAudBus.sys 15:31:57.0682 3044 HDAudBus - ok 15:31:57.0713 3044 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 15:31:57.0776 3044 HECIx64 - ok 15:31:57.0822 3044 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 15:31:57.0854 3044 HidBatt - ok 15:31:57.0869 3044 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 15:31:57.0885 3044 HidBth - ok 15:31:57.0932 3044 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 15:31:57.0963 3044 HidIr - ok 15:31:57.0994 3044 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 15:31:58.0072 3044 hidserv - ok 15:31:58.0119 3044 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:31:58.0166 3044 HidUsb - ok 15:31:58.0244 3044 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys 15:31:58.0322 3044 HipShieldK - ok 15:31:58.0353 3044 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:31:58.0415 3044 hkmsvc - ok 15:31:58.0462 3044 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:31:58.0571 3044 HomeGroupListener - ok 15:31:58.0587 3044 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:31:58.0618 3044 HomeGroupProvider - ok 15:31:58.0696 3044 [ C84BCC03858DAEAC4DB1E95EFCCE1934 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 15:31:58.0774 3044 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 15:31:58.0774 3044 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 15:31:58.0821 3044 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 15:31:58.0946 3044 hpqwmiex - ok 15:31:58.0992 3044 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD 
C:\Windows\system32\drivers\HpSAMD.sys 15:31:59.0039 3044 HpSAMD - ok 15:31:59.0086 3044 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:31:59.0180 3044 HTTP - ok 15:31:59.0226 3044 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:31:59.0258 3044 hwpolicy - ok 15:31:59.0304 3044 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 15:31:59.0320 3044 i8042prt - ok 15:31:59.0351 3044 [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 15:31:59.0367 3044 iaStor - ok 15:31:59.0414 3044 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 15:31:59.0476 3044 IAStorDataMgrSvc - ok 15:31:59.0523 3044 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:31:59.0616 3044 iaStorV - ok 15:31:59.0679 3044 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 15:31:59.0726 3044 IDriverT ( UnsignedFile.Multi.Generic ) - warning 15:31:59.0726 3044 IDriverT - detected UnsignedFile.Multi.Generic (1) 15:31:59.0788 3044 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:31:59.0866 3044 idsvc - ok 15:31:59.0882 3044 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 15:31:59.0897 3044 iirsp - ok 15:31:59.0944 3044 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 15:32:00.0038 3044 IKEEXT - ok 15:32:00.0131 3044 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 15:32:00.0256 3044 IntcAzAudAddService - ok 15:32:00.0287 3044 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 15:32:00.0303 3044 intelide - ok 15:32:00.0318 3044 [ 
32E9DC7638F8AACA3E49582367C1CB3A ] \Device\Harddisk0\DR0
15:32:26.0682 3044 \Device\Harddisk0\DR0 - ok
15:32:26.0682 3044 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
15:32:29.0178 3044 \Device\Harddisk1\DR1 - ok
15:32:29.0178 3044 ================ Scan VBR ==================================
15:32:29.0194 3044 [ 392FAA451152747B8AB1CFB46E9E4CBE ] \Device\Harddisk0\DR0\Partition1
15:32:29.0194 3044 \Device\Harddisk0\DR0\Partition1 - ok
15:32:29.0210 3044 [ 8187C1591DBF6AB8B1AC724D7AAB9F96 ] \Device\Harddisk0\DR0\Partition2
15:32:29.0210 3044 \Device\Harddisk0\DR0\Partition2 - ok
15:32:29.0241 3044 [ B7FFF3A0B3ED900C7EBD243F92964E26 ] \Device\Harddisk0\DR0\Partition3
15:32:29.0241 3044 \Device\Harddisk0\DR0\Partition3 - ok
15:32:29.0241 3044 [ E7FF011DC8904C9955440211CB62E1C4 ] \Device\Harddisk1\DR1\Partition1
15:32:29.0241 3044 \Device\Harddisk1\DR1\Partition1 - ok
15:32:29.0241 3044 ============================================================
15:32:29.0241 3044 Scan finished
15:32:29.0241 3044 ============================================================
15:32:29.0256 4412 Detected object count: 5
15:32:29.0256 4412 Actual detected object count: 5
15:32:52.0136 4412 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:52.0136 4412 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:52.0136 4412 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:52.0136 4412 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:52.0136 4412 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:52.0136 4412 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:32:52.0136 4412 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:32:52.0136 4412 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:32:52.0136 4412 TermService ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:52.0136 4412 TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:34:15.0522 2668 Deinitialize success |
30.05.2013, 14:41 | #6 |
/// Malware-holic | GVU trojan Hi, in principle this kind of thing is none of my business, but I can tell you from our experience, and I would say, and that is already a cautious estimate, that at least 80% of those who come here because of locked PCs have been on Kinox.to and similar sites, and our own tests have shown that too, hence the warning.
Scan with Combofix
30.05.2013, 14:46 | #7 |
| GVU trojan if I could just find where to switch off McAfee.... do you happen to know where??? I'm always happy to take tips and warnings... found it.... ComboFix is done.... Code:
ATTFilter ComboFix 13-05-30.02 - Ted2011 30.05.2013 15:52:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.2623 [GMT 2:00]
ausgeführt von:: c:\users\Ted2011\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\5136356.bat
c:\programdata\5136356.reg
c:\users\Carolin\AppData\Roaming\7910.org
c:\users\Carolin\AppData\Roaming\7910.org\Ticker\an1cHpL0g410022MDAwMTEyMzB8MDk0NDU1b2F8d2lyIGZhaHJlbiBhbiBkaWUgT3N0c2VlIGluIA.gif
c:\users\Ted2011\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-28 bis 2013-05-30 ))))))))))))))))))))))))))))))
.
.
2013-05-30 14:02 . 2013-05-30 14:02 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-05-15 16:57 . 2013-04-05 06:52 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-05-15 11:33 . 2013-05-15 11:33 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-15 11:28 . 2013-05-15 11:28 -------- d-----w- c:\users\Chris I Pad1
2013-05-05 12:41 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 17:01 . 2010-03-01 19:05 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 13:05 . 2012-07-31 20:42 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:05 .
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-30 16:14:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-05-30 14:14
.
Vor Suchlauf: 14 Verzeichnis(se), 720.308.699.136 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 722.531.041.280 Bytes frei
.
- - End Of File - - C391E4AD1C13C657326E4A360D965805
apparently.... |
30.05.2013, 21:10 | #8 |
/// Malware-holic | GVU trojan Malwarebytes: Please download Malwarebytes
31.05.2013, 00:16 | #9 |
| GVU trojan Done. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.30.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Ted2011 :: CAROLIN-RECHNER [Administrator] Schutz: Aktiviert 30.05.2013 22:15:01 mbam-log-2013-05-30 (22-15-01).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|J:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 630413 Laufzeit: 2 Stunde(n), 37 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 7 C:\Users\Carolin\AppData\Local\Zylom Games\Leeloo's Talent Agency Deluxe\leeloostalentagency.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ted2011\AppData\Local\Zylom Games\Bejeweled 3 Deluxe\Bejeweled3.exe.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ted2011\AppData\Local\Zylom Games\Big City Adventure - New York City Deluxe\bigcityadventuretmnewyorkcity.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ted2011\AppData\Local\Zylom Games\Cake Mania Main Street Deluxe\cakemaniamainstreettm.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ted2011\Desktop\unjuse\Concurrent RDP Patcher.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Ted2011\Desktop\unjuse\Concurrent RDP Patcher_2-22-2011.zip (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ted2011\Desktop\unjuse\SoftonicDownloader_fuer_total-commander.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
31.05.2013, 10:26 | #10 |
/// Malware-holic | GVU trojan Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save the list as a txt file. Open the file. After each program you need, write "notwendig" (necessary). After each one you do not need, "unnötig" (unnecessary). After each one you do not know, "unbekannt" (unknown). Post the list.
31.05.2013, 14:25 | #11 |
| GVU trojan Code:
ATTFilter Adobe AIR Adobe Systems Inc. 20.03.2010 1.5.3.9130 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 14.05.2013 6,00MB 11.7.700.202 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 14.05.2013 6,00MB 11.7.700.202 notwendig Adobe Reader 9.4.6 - Deutsch Adobe Systems Incorporated 26.09.2011 227MB 9.4.6 notwendig AMD Catalyst Install Manager Advanced Micro Devices, Inc. 20.01.2012 26,2MB 3.0.855.0 notwendig Apple Application Support Apple Inc. 16.10.2012 65,0MB 2.2.2 notwendig Apple Mobile Device Support Apple Inc. 16.10.2012 23,7MB 6.0.0.59 notwendig Apple Software Update Apple Inc. 06.08.2011 2,38MB 2.1.3.127notwendig ArcSoft MediaImpression ArcSoft 24.12.2010 1.2.19.436 unbekannt Assassin's Creed Ubisoft 30.07.2011 1.02 notwendig Babylon toolbar 21.04.2011 unnötig Battlefield 2142 Deluxe Edition 20.04.2011 notwendig Bejeweled 3 Deluxe Zylom Games 20.01.2011 1.0.0 unnötig Big City Adventure - New York City Deluxe Zylom Games 20.01.2011 1.0.0 unnötig Bing Bar Microsoft Corporation 16.11.2011 26,8MB 7.0.850.0 unnötig Black Prophecy 17.04.2012 notwendig Bonjour Apple Inc. 21.01.2012 2,00MB 3.0.0.10 unbekannt Bonjour-Druckdienste Apple Inc. 23.10.2012 3,21MB 2.0.2.0 unbekannt BotCLLSetup teknik 28.10.2011 10,8MB 1.10 unbekannt Cake Mania Main Street Deluxe Zylom Games 20.01.2011 1.0.0 unnötig CCleaner Piriform 14.05.2011 3.06 notwendig Cheat Engine 6.0 Dark Byte 14.04.2011 18,4MB unnötig Command & Conquer™ 4 Tiberian Twilight Electronic Arts 11.03.2011 8.614MB 1.0.0.0 notwendig Compatibility Pack für 2007 Office System Microsoft Corporation 09.01.2013 381MB 12.0.6612.1000 unbekannt CyberLink DVD Suite Deluxe CyberLink Corp. 06.01.2010 36,2MB 7.0.2115 unbekannt DAEMON Tools Toolbar DT Soft Ltd 14.10.2010 1.1.2.0185 notwendig DedicatedServer Peanuts 07.09.2011 84,00KB 1.0.0.0 unbekannt Delicious - Emily's Childhood Memories Premium Edition 06.02.2011 unnötig DivX-Setup DivX, Inc. 
19.03.2010 1.0.0.450 unbekannt Druckerdeinstallation für EPSON Stylus SX200 Series SEIKO EPSON Corporation 17.12.2010 notwendig DVD Menu Pack for HP MediaSmart Video Hewlett-Packard 06.01.2010 100,5MB 3.1.3224 unbekannt EA Download Manager Electronic Arts, Inc. 28.03.2010 6.0.4.10 notwendig Easy Macro Recorder 3.82 GoldSolution Software, Inc. 15.05.2010 notwendig ElsterFormular Landesfinanzdirektion Thüringen 22.03.2010 130.862MB 11.2.0.4074 notwendig eMule 24.04.2010 notwendig EPSON Scan 17.03.2011 notwendig FarmHelper FarmHelper 28.10.2011 unnötig Freelancer 07.09.2011 notwendig GameSpy Comrade GameSpy 28.03.2010 10,1MB 0.26.0.134 notwendig Gewichtslogger LISSWORX 28.12.2010 84,00KB 1.0.0 unnötig GiftBox+ Breakpoint Software Development 06.06.2011 1.0 unnötig Google Chrome Google Inc. 07.04.2011 27.0.1453.94 notwendig Google Earth Google 09.04.2013 173,6MB 7.0.3.8542 notwendig HP Advisor Hewlett-Packard 06.01.2010 49,8MB 3.3.9512.3162 unbekannt HP Games WildTangent 14.01.2010 1.0.0.71 unbekannt HP MediaSmart DVD Hewlett-Packard 06.01.2010 96,7MB 3.1.3317 unbekannt HP MediaSmart Music/Photo/Video Hewlett-Packard 06.01.2010 314MB 3.1.3422 unbekannt HP MediaSmart SmartMenu Hewlett-Packard 06.01.2010 1,95MB 3.1.0.1 unbekannt HP Odometer Hewlett-Packard 06.01.2010 48,00KB 2.10.0000 unbekannt HP Remote Solution Hewlett-Packard 06.01.2010 1.1.11.0 unbekannt HP Setup Hewlett-Packard 06.01.2010 1.2.3560.3170 unbekannt HP Support Assistant Hewlett-Packard 25.03.2010 19,4MB 4.3.1.2 unbekannt HP Support Information Hewlett-Packard 06.01.2010 0,16MB 10.1.0002 unbekannt HP Update Hewlett-Packard 06.01.2010 2,97MB 5.001.000.014 unbekannt iCloud Apple Inc. 16.10.2012 80,2MB 2.0.2.187 notwendig ICQ7.4 ICQ 08.04.2011 7.4 notwendig ImgBurn LIGHTNING UK! 24.06.2012 2.5.7.0 unbekannt Intel(R) Rapid Storage Technology Intel Corporation 07.01.2010 9.5.0.1037 unbekannt IP Camera 19.06.2010 unbekannt IrfanView (remove only) 13.03.2010 unbekannt iTunes Apple Inc. 
16.10.2012 182,2MB 10.7.0.21 notwendig Java(TM) 6 Update 31 Oracle 25.03.2012 95,1MB 6.0.310 unbekannt Kaspersky Security Scan Kaspersky Lab 11.03.2013 12.0.1.117 notwendig korAccount 3 Kornelius 04.11.2011 4,03MB 3.3.21 unbekannt LabelPrint CyberLink Corp. 06.01.2010 231MB 2.5.2017unbekannt Landwirtschafts Simulator 2011 GIANTS Software 23.10.2011 768MB 1.0 LightScribe System Software LightScribe 06.01.2010 24,0MB 1.18.8.1 unbekannt LOADSTREET Easy Tools für Win 7 LOADSTREET.de 02.03.2010 12,8MB 1.00.0000 unbekannt Magic Desktop EasyBits Software AS 14.01.2010 unbekannt Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 29.05.2013 19,3MB 1.75.0.1300 notwendig Mass Effect 2 Electronic Arts, Inc. 26.10.2010 1.00 notwendig McAfee Internet Security Suite McAfee, Inc. 29.05.2013 11.6.511 notwendig Microsoft .NET Framework 1.1 Microsoft 20.03.2010 34,8MB 1.1.4322 unbekannt Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 38,8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 2,94MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Extended Microsoft Corporation 05.01.2012 52,0MB 4.0.30319 unbekannt Microsoft IntelliPoint 8.2 Microsoft Corporation 02.12.2011 8.20.468.0 unbekannt Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 09.01.2013 115,7MB 12.0.6612.1000 unbekannt Microsoft Silverlight Microsoft Corporation 12.03.2013 50,7MB 5.1.20125.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 06.01.2010 1,72MB 3.1.0000 unbekannt Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 06.01.2010 0,61MB 1.0.1215.0 unbekannt Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 06.01.2010 1,45MB 1.0.1215.0 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 25.02.2010 0,25MB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 ATL Update 
kb973923 - x86 8.0.50727.4053 Microsoft Corporation 25.02.2010 0,24MB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.59193 unbekannt Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 06.01.2010 0,69MB 8.0.61000 unbekannt Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 16.04.2011 0,57MB 8.0.51011 unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 16.04.2011 0,77MB 9.0.30729.5570 unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 16.04.2011 0,58MB 9.0.30729.5570 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 06.01.2010 0,77MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 06.01.2010 0,77MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,77MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 15.05.2010 1,42MB 9.0.21022 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.01.2010 0,58MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 06.01.2010 0,58MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 13.05.2011 13,7MB 10.0.30319 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 12.12.2012 12,3MB 10.0.40219 unbekannt Microsoft Works Microsoft Corporation 10.10.2012 833MB 9.7.0621 notwendig Mobile Mouse Server RPA Tech, Inc 14.08.2012 1,24MB 2.6.5 notwendig MobileMe Control Panel Apple Inc. 
15.05.2011 12,0MB 3.1.6.0 unbekannt Movie Theme Pack for HP MediaSmart Video Hewlett-Packard 06.01.2010 332MB 3.1.3310 unbekannt Mozilla Firefox 11.0 (x86 de) Mozilla 22.10.2012 38,5MB 11.0 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 25.02.2010 1,28MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.02.2010 1,33MB 4.20.9876.0 unbekannt Nero 9 Lite Nero AG 25.04.2010 notwendig Nero Toolbar Ask.com 13.11.2010 3,22MB 1.6.13.0 unnötig Nokia Connectivity Cable Driver 25.09.2010 6.80.5.1 unnötig Nur Deinstallierung der CopyTrans Suite möglich. WindSolutions 15.05.2011 2.27 unbekannt NVIDIA PhysX NVIDIA Corporation 26.10.2010 120,1MB 9.09.0814 unbekannt ocxinstall apexis 04.06.2011 1.0.0.32 unbekannt Origin Electronic Arts, Inc. 18.06.2011 8.1.2.444 notwendig Pando Media Booster Pando Networks Inc. 12.07.2012 5,47MB 2.6.0.8 unbekannt PDF Blender 21.02.2011 notwendig PDF24 Creator 2.9.1 PDF24.org 21.02.2011 33,8MB notwendig PlayReady PC Runtime amd64 Microsoft Corporation 06.01.2010 2,06MB 1.3.0 unbekannt Power2Go CyberLink Corp. 06.01.2010 169,7MB 6.0.3304 unbekannt PowerDirector CyberLink Corp. 06.01.2010 522MB 7.0.3405 unbekannt PriceGong 2.1.0 PriceGong 15.10.2010 2.1.0 unbekannt QuickTime Apple Inc. 16.10.2012 73,3MB 7.72.80.56 notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 06.01.2010 6.0.1.6196 unbekannt Safari Apple Inc. 16.10.2012 104,3MB 5.34.57.2 notwendig Scribus 1.3.8 The Scribus Team 20.02.2011 1.3.8 unbekannt Shared C Run-time for x64 McAfee 12.03.2013 10.0.0 unbekannt Sniper - Art of Victory City Interactive 26.12.2010 notwendig Sniper v. 2.33 City Interactive 17.01.2013 notwendig Sonderfahrzeug-Simulator 2012 Version 1.0 Astragon 16.12.2011 485MB 1.0 notwendig Star Trek Online Cryptic Studios 13.07.2012 notwendig Starpoint Gemini LGM Games 28.06.2011 1.010 DE notwendig Strassenbau Simulator 1.2.16 UIG GmbH 29.07.2012 502MB notwendig SweetIM for Messenger 3.3 SweetIM Technologies Ltd. 
15.10.2010 4,04MB 3.3.0006 unbekannt TeamSpeak 3 Client TeamSpeak Systems GmbH 12.05.2013 3.0.10.1 notwendig Testversion von Microsoft Office Home and Student 2007 23.02.2010 notwendig Total Commander (Remove or Repair) Ghisler Software GmbH 21.04.2011 7.56a notwendig UseNeXT Tangysoft Ltd. 08.03.2011 4,77MB notwendig VLC media player 0.9.9 VideoLAN Team 22.10.2010 0.9.9 notwendig Vuze Vuze Inc. 27.03.2010 notwendig Vuze_Remote Toolbar 27.03.2010 unbekannt WEB.DE Club SmartFax WEB.DE GmbH 23.01.2011 2.00.223 notwendig Weight Loss Oracle JettDigitals 30.05.2011 1,25MB 1.0.0 unnötig WildTangent Games App WildTangent 22.10.2012 4.0.10.2 unbekannt WildTangent Games App (HP Games) WildTangent 22.12.2010 4.0.4.12 unbekannt Windows Live Anmelde-Assistent Microsoft Corporation 06.01.2010 1,94MB 5.000.818.5 unbekannt Windows Live Essentials Microsoft Corporation 06.01.2010 14.0.8089.0726 unbekannt Windows Live Sync Microsoft Corporation 06.01.2010 2,79MB 14.0.8089.726 unbekannt Windows Live-Uploadtool Microsoft Corporation 06.01.2010 0,22MB 14.0.8014.1029 unbekannt WinRAR 27.02.2010 notwendig Woodcutter Simulator 03.04.2010 notwendig X3 Terran Conflict v3.0 EGOSOFT 18.12.2011 notwendig Z Engine Ideazon 20.08.2011 69,7MB 2.5.0.30_DE notwendig |
31.05.2013, 17:26 | #12 |
/// Malware-holic | GVU trojan Uninstall: Adobe Flash Player, all entries. Adobe - Install Adobe Flash Player: download the latest version and install it. Adobe Reader: Adobe - Download Adobe Reader - All versions; remove the check mark for McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: check "use only certified plug-ins". Security (Enhanced): check Enhanced Security and select all files. Internet: everything here should be disabled; it is very insecure to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what is happening on the PC. Under JavaScript, remove the check mark from "use JavaScript". Under Updater, choose install automatically. Apply / OK.
Uninstall: Babylon, Bejeweled, Big, Bing, Cake, Cheat, CyberLink, Delicious, DivX, FarmHelper, Gewichtslogger, GiftBox, ImgBurn, Java.
Download Java JRE: Java downloads for all operating systems; click "Download the Java software for Windows Offline", download it and install it.
Uninstall: McAfee: please keep either McAfee or Kaspersky, not two at once; tell me which one. Nero Toolbar, Nokia, Power2Go, PowerDirector, PriceGong, SweetIM, Vuze_Remote Toolbar 27.03.2010, Weight, WildTangent: all, Windows Live: all, if not needed.
Open CCleaner, analyze, run, restart the PC. Please download AdwCleaner to your desktop.
04.06.2013, 19:34 | #13 |
| GVU trojan Hi, sorry, it took a bit longer.... family problems.... So, I left McAfee installed.... and here is the log from AdwCleaner Code:
ATTFilter # AdwCleaner v2.301 - Datei am 04/06/2013 um 20:22:12 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Ted2011 - CAROLIN-RECHNER # Bootmodus : Normal # Ausgeführt unter : C:\Users\Ted2011\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gelöscht : C:\Users\Ted2011\AppData\Roaming\Mozilla\Firefox\Profiles\fnm7dgp8.default\searchplugins\daemon-search.xml Datei Gelöscht : C:\Users\Ted2011\AppData\Roaming\Mozilla\Firefox\Profiles\fnm7dgp8.default\searchplugins\SweetIm.xml Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar Ordner Gelöscht : C:\ProgramData\Trymedia Ordner Gelöscht : C:\Users\Carolin\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\Carolin\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Carolin\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Carolin\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Carolin\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Carolin\AppData\LocalLow\SweetIM Ordner Gelöscht : C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\0rhxo82y.default\Conduit Ordner Gelöscht : C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\0rhxo82y.default\ConduitCommon Ordner Gelöscht : C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\0rhxo82y.default\CT2504091 Ordner Gelöscht : C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\0rhxo82y.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Vuze_Remote Ordner Gelöscht : C:\Users\Ted2011\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Ted2011\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Ted2011\AppData\LocalLow\facemoods.com Ordner 
Gelöscht : C:\Users\Ted2011\AppData\LocalLow\Vuze_Remote Ordner Gelöscht : C:\Users\Ted2011\AppData\Roaming\Mozilla\Firefox\Profiles\fnm7dgp8.default\SweetIMToolbarData ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Headlight Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7efeb9935159a92ad4e101276c2a02bb Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fe2183dd58b677049b0a49ab442c4024 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet 
Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16576 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v11.0 (de) Datei : C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\0rhxo82y.default\prefs.js Gelöscht : user_pref("CT2504091..clientLogIsEnabled", false); Gelöscht : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gelöscht : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Gelöscht : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gelöscht : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2504091.AppTrackingLastCheckTime", "Mon Jun 13 2011 11:13:45 GMT+0200"); Gelöscht : user_pref("CT2504091.BrowserCompStateIsOpen_129566938558801595", true); Gelöscht : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true); Gelöscht : user_pref("CT2504091.BrowserCompStateIsOpen_129990558296257215", true); Gelöscht : user_pref("CT2504091.BrowserCompStateIsOpen_1359634298000", true); Gelöscht : user_pref("CT2504091.BrowserCompStateIsOpen_1366636701000", true); Gelöscht : user_pref("CT2504091.CTID", "CT2504091"); Gelöscht : user_pref("CT2504091.CurrentServerDate", "26-4-2013"); Gelöscht : user_pref("CT2504091.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2504091.DialogsGetterLastCheckTime", "Fri Apr 26 2013 15:20:57 GMT+0200"); Gelöscht : user_pref("CT2504091.DownloadReferralCookieData", ""); Gelöscht : user_pref("CT2504091.EMailNotifierPollDate", "Thu Jan 10 2013 20:17:07 GMT+0100"); Gelöscht : user_pref("CT2504091.FeedLastCount129079840422964131", 13); Gelöscht : user_pref("CT2504091.FeedPollDate128891351169457132", "Fri Apr 22 2011 16:14:57 GMT+0200"); Gelöscht : user_pref("CT2504091.FeedPollDate128891351169457140", "Thu Jan 10 2013 20:17:08 GMT+0100"); Gelöscht : user_pref("CT2504091.FeedPollDate129079840422964131", "Thu Jan 10 2013 20:17:08 GMT+0100"); Gelöscht : user_pref("CT2504091.FeedTTL128891351169457132", 40); Gelöscht : user_pref("CT2504091.FeedTTL128891351169457140", 40); Gelöscht : user_pref("CT2504091.FirstServerDate", "28-3-2010"); Gelöscht : user_pref("CT2504091.FirstTime", true); Gelöscht : user_pref("CT2504091.FirstTimeFF3", true); Gelöscht : user_pref("CT2504091.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2504091.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2504091.GroupingServiceUrl", 
"hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2504091.HasUserGlobalKeys", true); Gelöscht : user_pref("CT2504091.HomePageProtectorEnabled", false); Gelöscht : user_pref("CT2504091.Initialize", true); Gelöscht : user_pref("CT2504091.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3); Gelöscht : user_pref("CT2504091.InstalledDate", "Sun Mar 28 2010 11:58:12 GMT+0200"); Gelöscht : user_pref("CT2504091.IsAlertDBUpdated", true); Gelöscht : user_pref("CT2504091.IsGrouping", false); Gelöscht : user_pref("CT2504091.IsMulticommunity", false); Gelöscht : user_pref("CT2504091.IsOpenThankYouPage", false); Gelöscht : user_pref("CT2504091.IsOpenUninstallPage", false); Gelöscht : user_pref("CT2504091.LanguagePackLastCheckTime", "Fri Apr 26 2013 15:20:57 GMT+0200"); Gelöscht : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Gelöscht : user_pref("CT2504091.LastLogin_2.5.8.6", "Fri Apr 22 2011 16:14:58 GMT+0200"); Gelöscht : user_pref("CT2504091.LastLogin_3.13.0.6", "Mon Sep 24 2012 14:34:26 GMT+0200"); Gelöscht : user_pref("CT2504091.LastLogin_3.15.1.0", "Fri Apr 26 2013 15:20:52 GMT+0200"); Gelöscht : user_pref("CT2504091.LastLogin_3.3.3.2", "Mon Jul 18 2011 05:45:41 GMT+0200"); Gelöscht : user_pref("CT2504091.LastLogin_3.6.0.10", "Sat Dec 03 2011 12:21:34 GMT+0100"); Gelöscht : user_pref("CT2504091.LastLogin_3.8.1.0", "Mon Jun 25 2012 18:44:01 GMT+0200"); Gelöscht : user_pref("CT2504091.LatestVersion", "3.18.0.7"); Gelöscht : user_pref("CT2504091.Locale", "en-us"); Gelöscht : user_pref("CT2504091.LoginCache", 4); Gelöscht : user_pref("CT2504091.MAX_NUMBER_OF_ALERTS_129566938558801595", "1_1315831822136"); Gelöscht : user_pref("CT2504091.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2504091.MCDetectTooltipShow", false); Gelöscht : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2504091.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2504091.MyStuffEnabledAtInstallation", true); Gelöscht : user_pref("CT2504091.SHRINK_TOOLBAR", 1); Gelöscht : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gelöscht : user_pref("CT2504091.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Gelöscht : user_pref("CT2504091.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...] Gelöscht : user_pref("CT2504091.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Fri Apr 26 2013 15:20:50 GMT+0200"); Gelöscht : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] 
Gelöscht : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Gelöscht : user_pref("CT2504091.SearchProtectorEnabled", false); Gelöscht : user_pref("CT2504091.SearchProtectorToolbarDisabled", false); Gelöscht : user_pref("CT2504091.ServiceMapLastCheckTime", "Fri Apr 26 2013 15:20:52 GMT+0200"); Gelöscht : user_pref("CT2504091.SettingsCheckIntervalMin", 120); Gelöscht : user_pref("CT2504091.SettingsLastCheckTime", "Fri Apr 26 2013 15:20:49 GMT+0200"); Gelöscht : user_pref("CT2504091.SettingsLastUpdate", "1366964819"); Gelöscht : user_pref("CT2504091.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Fri Apr 26 2013 15:20:49 GMT+0200"); Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1331805997"); Gelöscht : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091"); Gelöscht : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Gelöscht : user_pref("CT2504091.UserID", "UN51959925549681837"); Gelöscht : user_pref("CT2504091.ValidationData_Toolbar", 2); Gelöscht : user_pref("CT2504091.alertChannelId", "897164"); Gelöscht : user_pref("CT2504091.approveUntrustedApps", false);
Gelöscht : user_pref("CT2504091.backendstorage.for_aoi", "31333134313033373833"); Gelöscht : user_pref("CT2504091.backendstorage.for_ccid", "57757070657274616C"); Gelöscht : user_pref("CT2504091.backendstorage.for_cdtr5", "31333134313033373833"); Gelöscht : user_pref("CT2504091.backendstorage.for_cdtr6", "31333135393136333432"); Gelöscht : user_pref("CT2504091.backendstorage.for_cid", "4445"); Gelöscht : user_pref("CT2504091.backendstorage.for_ip", "37382E34392E3139352E313537"); Gelöscht : user_pref("CT2504091.backendstorage.for_lcut", "31333230303831353434"); Gelöscht : user_pref("CT2504091.backendstorage.for_pid", "31303231"); Gelöscht : user_pref("CT2504091.backendstorage.for_rid", "3037"); Gelöscht : user_pref("CT2504091.backendstorage.for_zoneid", "3130313537"); Gelöscht : user_pref("CT2504091.backendstorage.hxxp://dl_gameplaylabs_com/items/conduit/temp._gpl_firstrun10100[...] Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476[...] Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_appsdefaultenabled", "74727565"); Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_appstate_couponbuddy", "6F6E"); Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_appstate_easytobook", "6F6E"); Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6E"); Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_appstate_pricegong", "6F6E"); Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_appstate_windowshopper", "6F6E"); Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_appstatereporttime", "31333636393832343738383035"); Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B22[...] 
Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_currentversion", "312E342E342E36"); Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_first_time", "31"); Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_lastlogintime", "31333636393832343733393534"); Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C69637[...] Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_settings1.4.4.6", "7B22537461747573223A227375636365656465[...] Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_showclosebutton", "74727565"); Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_showwelcomegadget", "66616C7365"); Gelöscht : user_pref("CT2504091.backendstorage.mam_gk_userid", "32393532653666332D623430312D343033612D616639382[...] Gelöscht : user_pref("CT2504091.backendstorage.pg_enable", "74727565"); Gelöscht : user_pref("CT2504091.backendstorage.searchappstate", "31"); Gelöscht : user_pref("CT2504091.backendstorage.searchapptracking", "73656E74"); Gelöscht : user_pref("CT2504091.backendstorage.sf_just_installed", "46414C5345"); Gelöscht : user_pref("CT2504091.backendstorage.sf_status", "454E41424C4544"); Gelöscht : user_pref("CT2504091.backendstorage.sf_user_id", "6369645F3236343230313331353233313239383939343831")[...] Gelöscht : user_pref("CT2504091.backendstorage.shoppingapp.gk.exipres", "5361742053657020323920323031322031343A[...] Gelöscht : user_pref("CT2504091.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79"); Gelöscht : user_pref("CT2504091.backendstorage.url_history0001", "687474703A2F2F7777772E66616365626F6F6B2E636F6[...] Gelöscht : user_pref("CT2504091.clientLogIsEnabled", false); Gelöscht : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] 
Gelöscht : user_pref("CT2504091.components.1000034", false); Gelöscht : user_pref("CT2504091.components.129079840422182852", false); Gelöscht : user_pref("CT2504091.components.129079840422339107", false); Gelöscht : user_pref("CT2504091.components.129079840422964131", false); Gelöscht : user_pref("CT2504091.components.129079849636241789", false); Gelöscht : user_pref("CT2504091.components.129974830244070075", false); Gelöscht : user_pref("CT2504091.components.129975529526495326", false); Gelöscht : user_pref("CT2504091.components.129990558296257215", false); Gelöscht : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Gelöscht : user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Fri Apr 26 2013 15:20:57 GMT+0200"); Gelöscht : user_pref("CT2504091.homepageProtectorEnableByLogin", true); Gelöscht : user_pref("CT2504091.initDone", true); Gelöscht : user_pref("CT2504091.isAppTrackingManagerOn", false); Gelöscht : user_pref("CT2504091.myStuffEnabled", true); Gelöscht : user_pref("CT2504091.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2504091.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2504091.oldAppsList", "129079840421557838,129079840422026594,111,129079849636241789,129[...] 
Gelöscht : user_pref("CT2504091.revertSettingsEnabled", true); Gelöscht : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10); Gelöscht : user_pref("CT2504091.searchProtectorEnableByLogin", true); Gelöscht : user_pref("CT2504091.testingCtid", ""); Gelöscht : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Fri Apr 26 2013 15:20:57 GMT+0200"); Gelöscht : user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Fri Apr 26 2013 15:20:57 GMT+0200"); Gelöscht : user_pref("CT2504091.undefined", "Tue Aug 23 2011 14:49:38 GMT+0200"); Gelöscht : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gelöscht : user_pref("CT2504091.usagesFlag", 2); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/DE", "\"0\"")[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] 
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2504091&octid=[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...] Gelöscht : user_pref("CommunityToolbar.EngineOwner", ""); Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{ba14329e-9550-4989-b3f2-9732e92d17cc}"); Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "vuze_remote"); Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true); Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Carolin\\AppData\\Roaming\\Mozilla\[...] Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0"); Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...] 
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2504091"); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ba14329e-9550-4989-b3f2-9732e92d17cc}"); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "vuze_remote"); Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2504091"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091"); Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Jun 13 2011 11:13:33 GMT+02[...] Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jul 17 2011 17:45:49 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jul 18 2011 00:20:09 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.alert.userId", "203bc777-9fc6-4e36-9137-421d1ab27c28"); Gelöscht : user_pref("CommunityToolbar.globalUserId", "9a7b1e30-daa5-435c-a785-345e74616306"); Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.killedEngine", true); Gelöscht : 
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Apr 26 2013 15:20:5[...] Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60); Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Apr 26 2013 15:21:07 GMT+020[...] Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true); Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en"); Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Apr 26 2013 15:20:57 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.notifications.userId", "a55a44a4-1d8e-4751-8ba1-32ba31a06906"); Gelöscht : user_pref("CommunityToolbar.undefined", ""); Gelöscht : user_pref("extensions.asktb.cbid", "N9"); Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...] 
Gelöscht : user_pref("extensions.asktb.fresh-install", false); Gelöscht : user_pref("extensions.asktb.l", "dis"); Gelöscht : user_pref("extensions.asktb.last-config-req", "1289766892272"); Gelöscht : user_pref("extensions.asktb.locale", "de_DE"); Gelöscht : user_pref("extensions.asktb.nero.userName", ""); Gelöscht : user_pref("extensions.asktb.o", "15418"); Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Gelöscht : user_pref("extensions.asktb.qsrc", "2871"); Gelöscht : user_pref("extensions.asktb.r", "2"); Datei : C:\Users\Ted2011\AppData\Roaming\Mozilla\Firefox\Profiles\fnm7dgp8.default\prefs.js Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 8); Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE"); Gelöscht : user_pref("extensions.BabylonToolbar.firstRun", false); Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "6A9F6ACDB3EAEC321D7576C0438695E9"); Gelöscht : user_pref("extensions.BabylonToolbar.lastActv", "8"); Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 8); Gelöscht : user_pref("extensions.facemoods.aflt", "_#fsy"); Gelöscht : user_pref("extensions.facemoods.firstRun", false); Gelöscht : user_pref("extensions.facemoods.lastActv", "30"); Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1a14b3710000000000004061867[...] Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false"); Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties"[...] 
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...] Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10"); Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{2FD82BCD-3FC0-4E08-8564-D9725012C966}"); Gelöscht : user_pref("sweetim.toolbar.version", "1.1.0.0"); -\\ Google Chrome v27.0.1453.94 Datei : C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. Datei : C:\Users\Ted2011\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [34462 octets] - [04/06/2013 20:22:12] ########## EOF - C:\AdwCleaner[S1].txt - [34523 octets] ########## |
05.06.2013, 12:24 | #14 |
/// Malware-holic | GVU trojan Hi, HitmanPro - Download - Filepony: download HitmanPro, double-click it, click Scan. Do not delete anything, click Next, save the log or export it as XML, then post it, or zip it and attach it.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
09.06.2013, 21:02 | #15 |
| GVU trojan Hi, with all the stress here I completely forgot to only scan; it also cleaned up, but I do have the log.... at the moment everything ..... well, I hope the baby finally arrives, then things will get better again.... Code:
ATTFilter
|
Topics on GVU trojan |
autorun, babylontoolbar, bho, bingbar, black, bonjour, error, firefox, flash player, format, iexplore.exe, install.exe, kaspersky, mcafee firewall, plug-in, pup.downloader.zyl, pup.offerbundler.st, realtek, registry, policy, rundll, security, software, svchost.exe, teamspeak, total commander, trojan.agent, trojan, usenext, wildtangent games, windows |