Log analysis and evaluation: Browsers (Firefox & Chrome) have Websearch.lookforitthere.info as start page
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.06.2013, 19:47 | #1 |
Hello, it is a blessing that forums like this exist!

This is my mother's computer. I already named one problem in the title. I don't know how long Websearch has been installed as the start page of the browsers. Before that there were also Babylon and Conduit. In addition, for the past two days "indecent" advertising banners have been shown on every website visited. ^^

I uninstalled the toolbars from Websearch and Babylon, but "only" via Control Panel -> Programs -> Uninstall. I don't know whether they are now actually uninstalled. The problems have existed for several weeks; because of my Abitur exams I didn't deal with it, and I have now realized that I have no idea how the problem can be fixed.

Oh, and: in a hasty attempt to solve the problem I installed Spyhunter 4, which immediately showed over a hundred problems but was not willing to fix them without payment. I uninstalled that program again as well.

Here are the requested logs. The defogger did not report any error message.

OTL Code:
ATTFilter OTL logfile created on: 09.06.2013 19:50:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Benutzer\Ute.UTE-PC\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,57 Gb Available Physical Memory | 69,80% Memory free 15,97 Gb Paging File | 12,84 Gb Available in Paging File | 80,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 75,49 Gb Total Space | 21,08 Gb Free Space | 27,93% Space Free | Partition Type: NTFS Drive D: | 380,17 Gb Total Space | 332,56 Gb Free Space | 87,48% Space Free | Partition Type: NTFS Drive J: | 3,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: UTE-PC | User Name: Ute | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.20 17:55:18 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.16 20:04:47 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2013.01.16 12:18:33 | 001,650,128 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe PRC - [2013.01.10 15:35:48 | 000,257,512 | ---- | M] (G Data Software) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe PRC - [2013.01.09 14:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe PRC - [2012.11.29 06:25:41 | 001,547,288 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\GUI\GDSC.exe PRC - [2012.11.29 06:20:10 | 001,475,096 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe PRC - [2012.11.29 05:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012.11.29 05:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe PRC - [2012.10.05 22:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Benutzer\Ute.UTE-PC\Downloads\OTL.exe PRC - [2012.05.31 14:53:00 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe PRC - [2012.05.31 14:52:40 | 000,096,768 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe PRC - [2012.04.10 16:05:18 | 000,334,840 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVK.exe PRC - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G 
Data\GDScan\GDScan.exe PRC - [2012.03.09 00:19:30 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe PRC - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.02.01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2013.05.20 17:55:18 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.05.17 15:16:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.17 15:16:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.17 15:16:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.05.16 20:04:46 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.01.24 13:25:02 | 001,044,480 | ---- | M] () -- c:\progra~2\websea~1\sprote~1.dll MOD - [2013.01.24 13:16:54 | 001,050,112 | ---- | M] () -- c:\progra~2\contin~1\sprote~1.dll MOD - [2013.01.13 
17:42:21 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1c402ca365b68a2616ea3a5194d38310\IAStorCommon.ni.dll MOD - [2013.01.13 17:42:20 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dll MOD - [2013.01.10 04:20:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 04:20:23 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 04:20:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 04:20:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 04:19:57 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.05.31 14:53:00 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe 
-- (FreemakeVideoCapture) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.05.20 17:55:18 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.16 20:04:47 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.16 12:18:33 | 001,650,128 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc) SRV - [2013.01.10 15:35:48 | 000,257,512 | ---- | M] (G Data Software) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService) SRV - [2012.11.30 06:30:54 | 001,219,096 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc) SRV - [2012.11.29 06:14:21 | 002,377,736 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2012.11.29 06:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2012.11.29 05:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.11.29 05:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G 
Data\TotalProtection\AVK\AVKService.exe -- (AVKService) SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.31 14:52:40 | 000,096,768 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver) SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2013.01.27 01:53:31 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2013.01.27 01:51:34 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2013.01.27 01:51:34 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2013.01.27 01:51:34 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2013.01.27 01:51:34 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2012.12.26 18:01:48 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.10.27 02:54:44 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.06.03 21:59:17 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT) DRV:64bit: - [2012.06.03 21:59:04 | 000,031,608 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon) DRV:64bit: - [2012.03.02 06:13:58 | 
000,029,184 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.19 23:49:22 | 000,637,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorS.sys -- (iaStorS) DRV:64bit: - [2011.12.19 23:49:18 | 000,566,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2011.12.19 23:49:18 | 000,024,496 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:64bit: - [2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.08.11 08:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011.05.25 13:19:00 | 000,076,160 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.05.25 13:19:00 | 000,052,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.04.11 11:33:54 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.23 09:07:36 | 000,096,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] 
(Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.12.19 04:25:34 | 000,122,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts) DRV:64bit: - [2008.12.19 04:23:30 | 000,068,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial) DRV - [2012.03.02 06:13:58 | 000,021,504 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D} IE:64bit: - HKLM\..\SearchScopes\{64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14 IE - HKLM\..\SearchScopes,DefaultScope = {64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D} IE - HKLM\..\SearchScopes\{64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D} IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14 IE - HKCU\..\SearchScopes\{CBE9CFC6-4714-448F-A35D-3CBD4827D344}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "WebSearch" FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14&l=1&q=" FF - prefs.js..browser.search.order.1: "WebSearch" FF - prefs.js..browser.search.order.1,S: S", "WebSearch" FF - prefs.js..browser.search.selectedEngine: "WebSearch" FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch" FF - prefs.js..browser.startup.homepage: "hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14" FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.URL: "hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14&l=1&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - 
prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2012.06.03 21:13:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 17:55:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.03.04 17:52:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 17:55:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.22 19:24:28 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\Extensions [2013.05.21 08:17:29 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\Firefox\Profiles\z5644nf8.default\extensions [2013.05.21 08:17:29 | 000,000,000 | ---D | M] (SearchNewTab) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\Firefox\Profiles\z5644nf8.default\extensions\bxhrd30f4b@rmtbtcamxg.net [2013.05.21 08:17:29 | 000,000,000 | ---D | M] (coontinueetosavee) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\Firefox\Profiles\z5644nf8.default\extensions\xm35ji@ldnihz.net [2013.04.08 21:58:25 | 
000,714,654 | ---- | M] () (No name found) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\firefox\profiles\z5644nf8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013.05.21 08:17:32 | 000,007,849 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\firefox\profiles\z5644nf8.default\searchplugins\WebSearch.xml [2013.05.20 17:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.20 17:55:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - homepage: hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14 CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\ CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjoiggkbepedjmjjbhhecjiimlckcga\10.15.2.523_0\ CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiogoahdjhmpnidkfapapialgnfmoppf\1\ CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcpileggbeggldbgdnikalmifjfeldi\1\ CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (SearchNewTab) - 
{4FBC9915-89A7-FF85-80B0-6C8E0AB6F49F} - C:\ProgramData\SearchNewTab\519b1b8d6ca6a.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (coontinueetosavee) - {E4158A8A-BBCF-35C9-3261-8FE8CB943B95} - C:\ProgramData\coontinueetosavee\519b1b6e189e2.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5786D022-540E-4699-B350-B4BE0AE94B79} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83CA3965-B290-4655-8631-B8B691A38EE4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\contin~1\sprote~1.dll) - c:\progra~2\contin~1\sprote~1.dll ()
O20 - AppInit_DLLs: (c:\progra~2\websea~1\sprote~1.dll) - c:\progra~2\websea~1\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe) - c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.06.09 18:23:18 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.09.28 15:30:38 | 000,055,176 | R--- | M] (Electronic Arts) - J:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2012.09.28 11:48:28 | 000,000,049 | R--- | M] () - J:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{cbe2ae1d-4f73-11e2-a96b-50e549dfde29}\Shell - "" = AutoRun O33 - MountPoints2\{cbe2ae1d-4f73-11e2-a96b-50e549dfde29}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2012.09.28 15:30:38 | 000,055,176 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.09 19:05:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.06.09 18:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.06.09 18:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.06.09 18:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2013.06.09 18:04:29 | 000,000,000 | ---D | C] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2013.06.07 22:46:40 | 000,000,000 | ---D | C] -- D:\Benutzer\Ute.UTE-PC\Documents\RCT3 [2013.06.07 22:46:40 | 000,000,000 | ---D | C] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Atari [2013.06.07 21:52:23 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Common Files\Steam [2013.06.07 21:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.06.07 21:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013.06.07 21:34:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.07 21:33:52 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.03 18:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.06.03 18:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.06.03 18:19:09 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.06.03 18:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.05.21 08:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp [2013.05.21 08:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchNewTab [2013.05.21 08:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchNewTab [2013.05.21 08:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSearch [2013.05.21 08:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ContinueToSave [2013.05.21 08:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coontinueetosavee [2013.05.21 08:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\coontinueetosavee [2013.05.21 08:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013.05.20 17:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.09 19:48:59 | 000,000,168 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\defogger_reenable [2013.06.09 19:04:05 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-802728691-1065208354-3821002551-1001UA.job [2013.06.09 19:04:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe 
Flash Player Updater.job [2013.06.09 18:25:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 18:25:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 18:23:18 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.06.09 18:17:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.09 18:17:07 | 2134,298,623 | -HS- | M] () -- C:\hiberfil.sys [2013.06.09 18:04:29 | 000,002,975 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\Desktop\HiJackThis.lnk [2013.06.09 17:49:06 | 000,001,063 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.09 17:49:01 | 000,001,047 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\Desktop\Dropbox.lnk [2013.06.07 16:48:58 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-802728691-1065208354-3821002551-1001Core.job [2013.05.25 01:41:53 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.25 01:41:53 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.25 01:41:53 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.25 01:41:53 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.25 01:41:53 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.18 19:26:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.17 15:14:26 | 000,311,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.09 19:48:59 | 000,000,168 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\defogger_reenable [2013.06.09 18:23:18 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.06.09 18:04:29 | 000,002,975 | ---- | C] () 
-- D:\Benutzer\Ute.UTE-PC\Desktop\HiJackThis.lnk [2013.06.03 18:19:12 | 000,001,398 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.05.18 19:26:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.12.23 01:05:24 | 000,001,638 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\MyMicroBalanceConfig.ini [2012.12.22 23:14:10 | 000,000,218 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\AppData\Local\recently-used.xbel [2012.12.22 23:11:00 | 000,003,533 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\AppData\Local\Ute.gnucash [2012.12.20 18:22:44 | 000,000,368 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\.jhh [2012.06.05 10:45:05 | 001,016,973 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.06.03 16:57:00 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.12 16:37:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.12 16:35:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.12 16:35:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.12 16:35:49 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 
014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.03 17:34:27 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\.minecraft [2012.12.22 23:42:48 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Aquamarin Haushaltsbuch [2012.12.20 18:04:07 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Ashampoo [2013.06.07 22:46:40 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Atari [2012.12.02 03:02:07 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\calibre [2013.06.09 19:14:33 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\DAEMON Tools Lite [2013.06.09 18:18:23 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox [2012.12.02 21:51:45 | 000,000,000 | ---D | M] -- 
D:\Benutzer\Ute.UTE-PC\AppData\Roaming\elsterformular [2013.02.09 15:05:15 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Origin [2012.12.22 21:28:51 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\SmartTools [2012.06.04 23:03:10 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Thunderbird [2012.06.09 15:21:44 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Zylom Games ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 09.06.2013 19:50:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Benutzer\Ute.UTE-PC\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,57 Gb Available Physical Memory | 69,80% Memory free
15,97 Gb Paging File | 12,84 Gb Available in Paging File | 80,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,49 Gb Total Space | 21,08 Gb Free Space | 27,93% Space Free | Partition Type: NTFS
Drive D: | 380,17 Gb Total Space | 332,56 Gb Free Space | 87,48% Space Free | Partition Type: NTFS
Drive J: | 3,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: UTE-PC | User Name: Ute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01B3F9B2-2490-4365-83B6-30924A5E0CDF}" = lport=445 | protocol=6 | dir=in | app=system | "{08D084B6-1B9B-45A2-8965-4C41D283DA0F}" = rport=138 | protocol=17 | dir=out | app=system | "{2829089F-216C-41E4-83D4-A5FA5FFCA48E}" = lport=10243 | protocol=6 | dir=in | app=system | "{3AA2D5DA-49CC-4D33-88DC-29D4EC41F7FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{439BAE38-27CF-4B8B-8FBF-730D1CC93003}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4A132506-B4EE-475D-B1B3-E7488A4D40AF}" = lport=139 | protocol=6 | dir=in | app=system | "{56705FB5-0C8A-42A4-BB06-FA5EEBE3F900}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{58B476B6-BE80-4742-B7E9-D7806DDA4269}" = lport=2177 | protocol=6 | dir=in 
| svc=qwave | app=%systemroot%\system32\svchost.exe | "{5C50F9D1-CAC4-4457-8580-B823F52B3810}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7062386E-7895-441C-8FE7-43D33E1AC411}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{746FFD7B-E5C8-49CC-92FC-BD1E092FBC77}" = rport=10243 | protocol=6 | dir=out | app=system | "{7C410A89-35CA-4EE7-9150-A8991254375F}" = rport=139 | protocol=6 | dir=out | app=system | "{7C548611-B366-471E-A2C1-E3342476410F}" = rport=137 | protocol=17 | dir=out | app=system | "{99E19437-7EAD-4391-939E-06948BE2B82B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A03C0370-0212-4858-8ACD-4D44F52D7BEA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A6678A25-0834-4C9F-8C58-DF9AB31BDFE0}" = rport=445 | protocol=6 | dir=out | app=system | "{AACBCE6D-3C38-4B73-AAEF-E981F8C13A71}" = lport=2869 | protocol=6 | dir=in | app=system | "{B8BF6793-9EE2-426D-AAD1-119B7EE6655B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF0198EE-4B03-46C7-893F-6CCCDD63B8F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D4D41C4A-0441-4F44-8349-5530045FA55F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D863A721-5677-4F33-951B-060770A6EE5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DA63950F-8E93-4E41-88F7-CB7AA4C49828}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DEA9AE1E-03C8-46DC-BF28-2071D360571B}" = lport=138 | protocol=17 | dir=in | app=system | "{EDF50131-469A-4743-A5AD-BC06501ED42A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EFBAC61F-023F-46B0-9B29-FD99BE2E7C15}" = lport=137 | protocol=17 | dir=in | 
app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{14BF653C-CDBA-4DBC-A710-19BB5279F92C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{15E6E411-83F9-4326-A413-461EC77892AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{15F80F37-3092-4E96-B1B0-EE4801000C09}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1C675264-905D-4197-B50E-415A319B6C2F}" = protocol=17 | dir=in | app=d:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe | "{20D3F2F9-343C-4D0E-955A-8FAF87C26A44}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe | "{332C6D7E-BDCA-4BD1-850E-C68587F41D5B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{371F2827-61A2-48AB-A74D-9AE75F6382BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3A8845F2-99FC-4D03-8B12-A450695F9C9A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3C85F81B-354F-4C57-B2E7-4F052A9FABBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe | "{472ADE33-BDEB-463E-9C33-FC1470DBC8E9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{47F2651B-4425-4809-BFCD-F64CBF48BD4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{4E075DB2-BDF3-4AE4-BEEE-3D9A08D52B6C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{54BDE5E0-5C2A-480A-BD44-DBB4DF9C052A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{55605FBE-226B-4428-BEC4-358A004D4DB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{616254D2-E618-453F-9FCD-AFD8930F1660}" = protocol=17 | dir=in | app=c:\program files 
(x86)\gnucash\bin\gconfd-2.exe | "{6329F152-CC96-4B69-83F2-C7151D715EFE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6FAF2395-4520-4A45-9612-2F20673D7C76}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{72D6E19B-448B-4541-BABA-E1B4DB105A9F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{73C5EF0A-34CC-4810-A8C3-DB61E6E5B512}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7BAF3BD6-CFF6-4CCF-B106-BBFABDD2F295}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe | "{8677D78A-1A18-4EAD-9825-E440B557C266}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{86D6E5A8-7777-4B5A-BB01-BADECCE1E04C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8E448B3D-25B4-4A5B-880A-240E3C085DA2}" = protocol=6 | dir=in | app=d:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe | "{902A606B-5904-4AB7-BB00-089A4D8AFB76}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{92AE9074-44E9-47ED-9162-5180C3999399}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{983706F7-24ED-4F41-93A7-825457E8BF03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe | "{9AF6BFCC-F2B0-49F9-A68F-82110C65FDAB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A593034B-9365-4A8C-9135-1CCF1F3ED9E7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C35DA94A-1F9A-4D65-BB09-723AEFCEF415}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C5185473-95E2-41D3-831B-63E1D0D0753C}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe | "{E6A98632-B700-4717-857C-5C3D47FFE2AB}" = protocol=6 | dir=out | app=system | "{FECF9DC0-3B5C-476B-98E0-BFF2FA2614FD}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{FFC628E6-7519-42D2-BEAB-792899BE1C74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{21399D75-A16A-47BB-9723-EEE9F9578924}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{AA96FAFD-7F51-4368-B0D7-A6490E4D890A}D:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=d:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{6FECBB16-6A5E-427F-80C4-DD0CF9AA0F5D}D:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=d:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{8A1B2F2F-FF33-4AB4-9979-3E88BF54CE2D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{A1A084D5-B714-442F-B7B6-C3A24AE8C130}" = calibre 64bit "{C8149A2F-CBAA-A60A-1F13-162126D54D77}" = AMD AVIVO64 Codecs "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = Die Sims™ 3 Traumsuite-Accessoires "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{10909818-3951-4C58-801F-76077939856D}" = HydraVision "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = 
Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime "{3DE92282-CB49-434F-81BF-94E5B380E889}" = Die Sims™ 3 Jahreszeiten "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{552442BD-8398-46F0-ACF1-02F8E1843458}" = G Data TotalProtection 2012 "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = 
Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI 
(German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.0.1) MUI "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = Die Sims™ 3 Supernatural "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch "{C1C6816E-CBB3-A748-85F9-A8B47B68985B}" = coontinueetosavee "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections 
"{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" = SearchNewTab "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "7-Zip" = 7-Zip 9.22beta "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Big City Adventure: London Classic" = Big City Adventure: London Classic "DAEMON Tools Lite" = DAEMON Tools Lite "DSGPlayer" = RTL GAME CENTER "ElsterFormular" = ElsterFormular "Exzellent, Eure Majestät!" = Exzellent, Eure Majestät! 
"FarmFrenzy" = FarmFrenzy "Freemake Video Downloader_is1" = Freemake Video Downloader "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "Kobo" = Kobo "Magnus2" = Die Suche nach dem Goldschatz "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Origin" = Origin "Roads Of Rome_is1" = Roads Of Rome "SmartToolsFinanzplan 2013v4.00" = SmartTools Publishing • Excel Finanzplan 2013 "SP_4e24eecb" = Search Assistant WebSearch 1.74 "SP_e14dcdfa" = ContinueToSave 1.74 "Steam App 2700" = RollerCoaster Tycoon 3: Platinum! "The Next BIG Thing (de)" = The Next BIG Thing (Deutsch) "VLC media player" = VLC media player 1.1.11 "WinPcapInst" = WinPcap 4.1.2 "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.05.2013 14:52:46 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10 Description = Error - 05.05.2013 05:12:50 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10 Description = Error - 03.12.2012 06:20:37 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 03.12.2012 06:20:37 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 03.12.2012 06:20:37 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 03.12.2012 06:20:37 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 03.12.2012 06:21:04 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10 Description = Error - 03.12.2012 06:21:34 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 05.05.2013 17:46:09 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10 Description = Error - 05.05.2013 17:54:29 | Computer Name = UTE-PC | Source = Windows Backup | ID = 4103 Description = Error - 06.05.2013 16:48:59 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 22.12.2012 16:55:07 | Computer Name = UTE-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.12.2012 18:08:27 | Computer Name = UTE-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 23.12.2012 18:56:30 | Computer Name = UTE-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 25.12.2012 07:51:43 | Computer Name = UTE-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet: %%1115 Error - 25.12.2012 09:47:22 | Computer Name = UTE-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 25.12.2012 12:03:01 | Computer Name = UTE-PC | Source = BROWSER | ID = 8032 Description = Error - 27.12.2012 11:54:35 | Computer Name = UTE-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. 
Error - 29.12.2012 17:46:54 | Computer Name = UTE-PC | Source = bowser | ID = 8003 Description = Error - 31.12.2012 10:36:34 | Computer Name = UTE-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Freemake Improver erreicht. Error - 31.12.2012 10:36:34 | Computer Name = UTE-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Freemake Improver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-09 20:20:26 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 rev. 0,00MB Running: gmer_2.1.19163.exe; Driver: D:\Benutzer\UTE~1.UTE\AppData\Local\Temp\ufldapow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002fae000 63 bytes [00, 00, 0D, 02, 4D, 49, 63, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624 fffff80002fae040 72 bytes [C0, 75, B0, 11, 80, FA, FF, ...] ---- User code sections - GMER 2.1 ---- .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76] .text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76] .text ... * 2 .text D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe[2668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76] .text D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe[2668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76] .text ... * 2 .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76] .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76] .text ... 
* 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2960] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2960] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76] .text ... * 2 .text C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76] .text C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76] .text ... 
* 2 ---- Threads - GMER 2.1 ---- Thread [6992:4112] 00000000775f2e25 Thread [6992:2176] 000000007659d864 Thread [6992:2040] 00000000775f3e45 ---- Processes - GMER 2.1 ---- Library C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804] 0000000140000000 Library C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804] 0000000180000000 Library C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804] 000007fee2380000 Library C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804] 000007fee2860000 Library C:\Program Files\Enigma Software Group\SpyHunter\Common.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804] 00000000001e0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}\Connection@Name isatap.{7AB5735D-CA25-4028-BFA4-1D24DB643FC1} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{FF41DD72-5E02-458C-AAD3-14C09B6E5111}?\Device\{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}?\Device\{C682B3CB-8791-48BA-BC35-3858EA5B08CC}?\Device\{5991695B-4452-4BF1-9997-B415FF249D47}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{FF41DD72-5E02-458C-AAD3-14C09B6E5111}"?"{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}"?"{C682B3CB-8791-48BA-BC35-3858EA5B08CC}"?"{5991695B-4452-4BF1-9997-B415FF249D47}"? 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{FF41DD72-5E02-458C-AAD3-14C09B6E5111}?\Device\TCPIP6TUNNEL_{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}?\Device\TCPIP6TUNNEL_{C682B3CB-8791-48BA-BC35-3858EA5B08CC}?\Device\TCPIP6TUNNEL_{5991695B-4452-4BF1-9997-B415FF249D47}? Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}@InterfaceName isatap.{7AB5735D-CA25-4028-BFA4-1D24DB643FC1} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}@ReusableType 0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior ---- EOF - GMER 2.1 ----
Thanks in advance for any help! Best regards, Paulinchen |
09.06.2013, 19:52 | #2 |
/// Malware-holic | Browsers (Firefox & Chrome) have Websearch.lookforitthere.info as their start page hi,
Please download TDSSKiller.exe and save the file to the desktop |
09.06.2013, 20:15 | #3 |
| Browsers (Firefox & Chrome) have Websearch.lookforitthere.info as their start page Thanks for the quick help
Here is the log Code:
ATTFilter 21:07:57.0187 9252 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 21:07:59.0187 9252 ============================================================ 21:07:59.0187 9252 Current date / time: 2013/06/09 21:07:59.0187 21:07:59.0187 9252 SystemInfo: 21:07:59.0187 9252 21:07:59.0187 9252 OS Version: 6.1.7601 ServicePack: 1.0 21:07:59.0187 9252 Product type: Workstation 21:07:59.0187 9252 ComputerName: UTE-PC 21:07:59.0187 9252 UserName: Ute 21:07:59.0187 9252 Windows directory: C:\Windows 21:07:59.0187 9252 System windows directory: C:\Windows 21:07:59.0187 9252 Running under WOW64 21:07:59.0187 9252 Processor architecture: Intel x64 21:07:59.0187 9252 Number of processors: 4 21:07:59.0187 9252 Page size: 0x1000 21:07:59.0187 9252 Boot type: Normal boot 21:07:59.0187 9252 ============================================================ 21:07:59.0557 9252 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x14B355, SectorsPerTrack: 0xC, TracksPerCylinder: 0x3C, Type 'K0', Flags 0x00000040 21:07:59.0657 9252 ============================================================ 21:07:59.0657 9252 \Device\Harddisk0\DR0: 21:07:59.0657 9252 MBR partitions: 21:07:59.0657 9252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 21:07:59.0657 9252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x96FCF8C 21:07:59.0657 9252 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x972F79A, BlocksNum 0x2F85600A 21:07:59.0657 9252 ============================================================ 21:07:59.0727 9252 C: <-> \Device\Harddisk0\DR0\Partition2 21:07:59.0787 9252 D: <-> \Device\Harddisk0\DR0\Partition3 21:07:59.0797 9252 ============================================================ 21:07:59.0797 9252 Initialize success 21:07:59.0797 9252 ============================================================ 21:09:13.0600 9172 
============================================================ 21:09:13.0600 9172 Scan started 21:09:13.0600 9172 Mode: Manual; SigCheck; TDLFS; 21:09:13.0600 9172 ============================================================ 21:09:15.0534 9172 ================ Scan system memory ======================== 21:09:15.0534 9172 System memory - ok 21:09:15.0534 9172 ================ Scan services ============================= 21:09:15.0659 9172 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:09:15.0753 9172 1394ohci - ok 21:09:15.0784 9172 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:09:15.0815 9172 ACPI - ok 21:09:15.0846 9172 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:09:15.0878 9172 AcpiPmi - ok 21:09:16.0018 9172 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:09:16.0034 9172 AdobeFlashPlayerUpdateSvc - ok 21:09:16.0096 9172 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 21:09:16.0127 9172 adp94xx - ok 21:09:16.0127 9172 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 21:09:16.0143 9172 adpahci - ok 21:09:16.0143 9172 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 21:09:16.0158 9172 adpu320 - ok 21:09:16.0205 9172 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:09:16.0236 9172 AeLookupSvc - ok 21:09:16.0330 9172 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 21:09:16.0392 9172 AFD - ok 21:09:16.0408 9172 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:09:16.0424 9172 agp440 - ok 21:09:16.0424 9172 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 21:09:16.0439 9172 ALG - ok 21:09:16.0502 9172 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide 
C:\Windows\system32\drivers\aliide.sys 21:09:16.0517 9172 aliide - ok 21:09:16.0548 9172 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 21:09:16.0564 9172 AMD External Events Utility - ok 21:09:16.0580 9172 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 21:09:16.0595 9172 amdide - ok 21:09:16.0595 9172 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 21:09:16.0611 9172 AmdK8 - ok 21:09:16.0798 9172 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 21:09:17.0032 9172 amdkmdag - ok 21:09:17.0063 9172 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 21:09:17.0079 9172 amdkmdap - ok 21:09:17.0079 9172 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 21:09:17.0094 9172 AmdPPM - ok 21:09:17.0110 9172 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:09:17.0126 9172 amdsata - ok 21:09:17.0126 9172 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 21:09:17.0126 9172 amdsbs - ok 21:09:17.0141 9172 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:09:17.0141 9172 amdxata - ok 21:09:17.0141 9172 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 21:09:17.0172 9172 AppID - ok 21:09:17.0204 9172 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:09:17.0219 9172 AppIDSvc - ok 21:09:17.0250 9172 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 21:09:17.0266 9172 Appinfo - ok 21:09:17.0282 9172 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 21:09:17.0297 9172 arc - ok 21:09:17.0328 9172 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 21:09:17.0344 9172 arcsas - ok 21:09:17.0375 9172 [ 
769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:09:17.0406 9172 AsyncMac - ok 21:09:17.0406 9172 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 21:09:17.0422 9172 atapi - ok 21:09:17.0469 9172 [ 7D89B0C443F6068E5B27AA3B972069FF ] athr C:\Windows\system32\DRIVERS\athrx.sys 21:09:17.0516 9172 athr - ok 21:09:17.0547 9172 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 21:09:17.0578 9172 AtiHDAudioService - ok 21:09:17.0594 9172 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:09:17.0625 9172 AudioEndpointBuilder - ok 21:09:17.0640 9172 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:09:17.0672 9172 AudioSrv - ok 21:09:17.0812 9172 [ A1ADE0E06E057E3E7C3C931413AD9665 ] AVKProxy C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe 21:09:17.0859 9172 AVKProxy - ok 21:09:17.0921 9172 [ 68F93849B4197243E8454E704B063F9B ] AVKService C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe 21:09:17.0937 9172 AVKService - ok 21:09:17.0968 9172 [ B278D782732166A55AB270406E89F7A0 ] AVKWCtl C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe 21:09:18.0030 9172 AVKWCtl - ok 21:09:18.0077 9172 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:09:18.0093 9172 AxInstSV - ok 21:09:18.0124 9172 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 21:09:18.0155 9172 b06bdrv - ok 21:09:18.0171 9172 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:09:18.0186 9172 b57nd60a - ok 21:09:18.0202 9172 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 21:09:18.0218 9172 BDESVC - ok 21:09:18.0233 9172 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 21:09:18.0280 9172 Beep - ok 21:09:18.0311 9172 [ 
82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 21:09:18.0374 9172 BFE - ok 21:09:18.0389 9172 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 21:09:18.0436 9172 BITS - ok 21:09:18.0452 9172 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 21:09:18.0467 9172 blbdrive - ok 21:09:18.0483 9172 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:09:18.0498 9172 bowser - ok 21:09:18.0514 9172 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 21:09:18.0514 9172 BrFiltLo - ok 21:09:18.0530 9172 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 21:09:18.0545 9172 BrFiltUp - ok 21:09:18.0576 9172 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 21:09:18.0608 9172 Browser - ok 21:09:18.0608 9172 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:09:18.0670 9172 Brserid - ok 21:09:18.0670 9172 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:09:18.0701 9172 BrSerWdm - ok 21:09:18.0717 9172 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:09:18.0732 9172 BrUsbMdm - ok 21:09:18.0795 9172 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:09:18.0810 9172 BrUsbSer - ok 21:09:18.0826 9172 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 21:09:18.0842 9172 BTHMODEM - ok 21:09:18.0857 9172 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 21:09:18.0904 9172 bthserv - ok 21:09:18.0920 9172 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:09:18.0951 9172 cdfs - ok 21:09:18.0951 9172 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:09:18.0966 9172 cdrom - ok 21:09:18.0982 9172 [ 
F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 21:09:19.0013 9172 CertPropSvc - ok 21:09:19.0029 9172 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 21:09:19.0029 9172 circlass - ok 21:09:19.0044 9172 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 21:09:19.0060 9172 CLFS - ok 21:09:19.0138 9172 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:09:19.0154 9172 clr_optimization_v2.0.50727_32 - ok 21:09:19.0200 9172 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:09:19.0216 9172 clr_optimization_v2.0.50727_64 - ok 21:09:19.0278 9172 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:09:19.0294 9172 clr_optimization_v4.0.30319_32 - ok 21:09:19.0341 9172 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:09:19.0356 9172 clr_optimization_v4.0.30319_64 - ok 21:09:19.0356 9172 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 21:09:19.0356 9172 CmBatt - ok 21:09:19.0372 9172 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:09:19.0372 9172 cmdide - ok 21:09:19.0403 9172 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 21:09:19.0419 9172 CNG - ok 21:09:19.0419 9172 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 21:09:19.0434 9172 Compbatt - ok 21:09:19.0434 9172 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 21:09:19.0450 9172 CompositeBus - ok 21:09:19.0450 9172 COMSysApp - ok 21:09:19.0481 9172 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 
21:09:21.0338 9172 [ 565619F1B6DA86E3C7BA75A1E60ECFCD ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
21:09:21.0353 9172 Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
21:09:21.0353 9172 Freemake Improver - detected UnsignedFile.Multi.Generic (1)
21:09:21.0384 9172 [ 93B5CD0AC126BE95F65B28AF3D9542DC ] FreemakeVideoCapture C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
21:09:21.0400 9172 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - warning
21:09:21.0400 9172 FreemakeVideoCapture - detected UnsignedFile.Multi.Generic (1)
viaide - ok 21:09:32.0195 9172 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:09:32.0211 9172 volmgr - ok 21:09:32.0211 9172 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:09:32.0226 9172 volmgrx - ok 21:09:32.0242 9172 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:09:32.0258 9172 volsnap - ok 21:09:32.0273 9172 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 21:09:32.0273 9172 vsmraid - ok 21:09:32.0304 9172 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:09:32.0351 9172 VSS - ok 21:09:32.0367 9172 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:09:32.0367 9172 vwifibus - ok 21:09:32.0398 9172 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:09:32.0414 9172 vwififlt - ok 21:09:32.0414 9172 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 21:09:32.0429 9172 vwifimp - ok 21:09:32.0445 9172 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:09:32.0476 9172 W32Time - ok 21:09:32.0476 9172 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:09:32.0492 9172 WacomPen - ok 21:09:32.0507 9172 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:09:32.0523 9172 WANARP - ok 21:09:32.0538 9172 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:09:32.0554 9172 Wanarpv6 - ok 21:09:32.0585 9172 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:09:32.0601 9172 wbengine - ok 21:09:32.0632 9172 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:09:32.0663 9172 WbioSrvc - ok 21:09:32.0679 9172 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:09:32.0694 9172 
wcncsvc - ok 21:09:32.0710 9172 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:09:32.0726 9172 WcsPlugInService - ok 21:09:32.0741 9172 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 21:09:32.0757 9172 Wd - ok 21:09:32.0788 9172 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:09:32.0819 9172 Wdf01000 - ok 21:09:32.0819 9172 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:09:32.0835 9172 WdiServiceHost - ok 21:09:32.0835 9172 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:09:32.0850 9172 WdiSystemHost - ok 21:09:32.0882 9172 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:09:32.0897 9172 WebClient - ok 21:09:32.0913 9172 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:09:32.0928 9172 Wecsvc - ok 21:09:32.0944 9172 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:09:32.0975 9172 wercplsupport - ok 21:09:33.0006 9172 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:09:33.0022 9172 WerSvc - ok 21:09:33.0022 9172 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:09:33.0053 9172 WfpLwf - ok 21:09:33.0053 9172 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:09:33.0069 9172 WIMMount - ok 21:09:33.0084 9172 WinDefend - ok 21:09:33.0100 9172 WinHttpAutoProxySvc - ok 21:09:33.0147 9172 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:09:33.0194 9172 Winmgmt - ok 21:09:33.0240 9172 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:09:33.0287 9172 WinRM - ok 21:09:33.0334 9172 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:09:33.0350 9172 WinUsb - ok 21:09:33.0381 9172 [ 
4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:09:33.0428 9172 Wlansvc - ok 21:09:33.0568 9172 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:09:33.0646 9172 wlidsvc - ok 21:09:33.0646 9172 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:09:33.0662 9172 WmiAcpi - ok 21:09:33.0662 9172 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:09:33.0677 9172 wmiApSrv - ok 21:09:33.0693 9172 WMPNetworkSvc - ok 21:09:33.0708 9172 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:09:33.0724 9172 WPCSvc - ok 21:09:33.0724 9172 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:09:33.0740 9172 WPDBusEnum - ok 21:09:33.0755 9172 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:09:33.0771 9172 ws2ifsl - ok 21:09:33.0786 9172 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 21:09:33.0802 9172 wscsvc - ok 21:09:33.0802 9172 WSearch - ok 21:09:33.0849 9172 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:09:33.0927 9172 wuauserv - ok 21:09:33.0958 9172 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:09:33.0958 9172 WudfPf - ok 21:09:33.0989 9172 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:09:33.0989 9172 WUDFRd - ok 21:09:34.0005 9172 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:09:34.0020 9172 wudfsvc - ok 21:09:34.0036 9172 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 21:09:34.0083 9172 WwanSvc - ok 21:09:34.0114 9172 ================ Scan global =============================== 21:09:34.0130 9172 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:09:34.0161 9172 [ 
0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:09:34.0176 9172 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:09:34.0192 9172 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:09:34.0192 9172 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:09:34.0208 9172 [Global] - ok 21:09:34.0208 9172 ================ Scan MBR ================================== 21:09:34.0208 9172 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:09:34.0442 9172 \Device\Harddisk0\DR0 - ok 21:09:34.0442 9172 ================ Scan VBR ================================== 21:09:34.0442 9172 [ 2C8D2B004C5D2C1D4CBD76172D6A3B3A ] \Device\Harddisk0\DR0\Partition1 21:09:34.0442 9172 \Device\Harddisk0\DR0\Partition1 - ok 21:09:34.0457 9172 [ D2161D0873AF8C73EE8FBE6F9B0C3644 ] \Device\Harddisk0\DR0\Partition2 21:09:34.0473 9172 \Device\Harddisk0\DR0\Partition2 - ok 21:09:34.0473 9172 [ 421781F5EB31D5D2E9A9DDD76C68112C ] \Device\Harddisk0\DR0\Partition3 21:09:34.0473 9172 \Device\Harddisk0\DR0\Partition3 - ok 21:09:34.0473 9172 ============================================================ 21:09:34.0473 9172 Scan finished 21:09:34.0473 9172 ============================================================ 21:09:34.0488 10476 Detected object count: 2 21:09:34.0488 10476 Actual detected object count: 2 21:10:44.0767 10476 Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:44.0767 10476 Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:44.0767 10476 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:44.0767 10476 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:11:57.0706 5156 Deinitialize success |
09.06.2013, 20:17 | #4 |
/// Malware-holic | Browsers (Firefox & Chrome) have Websearch.lookforitthere.info as their start page Hi, scan with Combofix
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
10.06.2013, 11:28 | #5 |
| Browsers (Firefox & Chrome) have Websearch.lookforitthere.info as their start page Hello, I could not switch GData off completely. I deactivated functions such as the guard (Wächter), but the program still complained about every action Combofix took. My actual problem (maybe it is also related to GData) is that Combofix has not done anything for over an hour. It shows that stage 4 has been completed, and nothing more has happened in the last hour. What should I do now? Kind regards |
10.06.2013, 11:31 | #6 |
/// Malware-holic | Browsers (Firefox & Chrome) have Websearch.lookforitthere.info as their start page Can you stop the behavior analysis and self-protection functions in GData (I don't use it myself)? Abort Combofix, possibly via a PC restart |
10.06.2013, 12:28 | #7 |
| Browsers (Firefox & Chrome) have Websearch.lookforitthere.info as their start page Okay, now it worked. Code:
ATTFilter ComboFix 13-06-08.02 - Ute 10.06.2013 13:11:26.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8175.6162 [GMT 2:00] ausgeführt von:: d:\benutzer\Ute.UTE-PC\Desktop\ComboFix.exe AV: G Data TotalProtection 2013 *Disabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED} SP: G Data TotalProtection 2013 *Disabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\coontinueetosavee c:\programdata\coontinueetosavee\519b1b6e189e2.dll c:\programdata\coontinueetosavee\519b1b6e189e2.tlb c:\programdata\coontinueetosavee\data\coontinueetosavee.dat c:\programdata\coontinueetosavee\settings.ini c:\programdata\coontinueetosavee\uninstall.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\coontinueetosavee c:\programdata\Microsoft\Windows\Start Menu\Programs\coontinueetosavee\coontinueetosavee.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\coontinueetosavee\Uninstall.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\SearchNewTab.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\Uninstall.lnk c:\programdata\SearchNewTab c:\programdata\SearchNewTab\519b1b8d6ca6a.dll c:\programdata\SearchNewTab\519b1b8d6ca6a.tlb c:\programdata\SearchNewTab\data\SearchNewTab.dat c:\programdata\SearchNewTab\settings.ini c:\programdata\SearchNewTab\uninstall.exe c:\windows\SysWow64\ChilkatMail_v7_9.dll c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll c:\windows\tmp c:\windows\tmp\dd_vcredistMSI38FB.txt c:\windows\tmp\dd_vcredistUI38FB.txt c:\windows\tmp\qtsingleapp-koboex-7d5-1-lockfile c:\windows\wininit.ini . . 
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_npf . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-10 bis 2013-06-10 )))))))))))))))))))))))))))))) . . 2013-06-09 16:23 . 2013-06-09 16:23 -------- d-----w- c:\program files\Enigma Software Group 2013-06-09 16:22 . 2013-06-09 17:05 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP 2013-06-09 16:22 . 2013-06-09 16:22 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-06-09 16:04 . 2013-06-09 16:04 388096 ----a-r- d:\benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-06-09 16:04 . 2013-06-09 16:04 -------- d-----w- c:\program files (x86)\Trend Micro 2013-06-07 20:46 . 2013-06-07 20:46 -------- d-----w- d:\benutzer\Ute.UTE-PC\AppData\Roaming\Atari 2013-06-07 19:52 . 2013-06-09 10:30 -------- d-----w- c:\program files (x86)\Common Files\Steam 2013-06-07 19:52 . 2013-06-10 11:01 -------- d-----w- c:\program files (x86)\Steam 2013-06-07 19:34 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB9DD5F7-94BC-4A4D-90D0-AEF50D128E97}\mpengine.dll 2013-06-07 19:34 . 2013-06-07 19:34 -------- d-----w- c:\windows\ERUNT 2013-06-07 19:33 . 2013-06-09 16:00 -------- d-----w- C:\JRT 2013-06-03 16:19 . 2013-06-03 16:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-05-21 06:17 . 2013-05-21 06:17 -------- d-----w- c:\programdata\StarApp 2013-05-21 06:16 . 2013-05-21 06:16 -------- d-----w- c:\program files (x86)\WebSearch 2013-05-21 06:16 . 2013-05-21 06:16 -------- d-----w- c:\program files (x86)\ContinueToSave 2013-05-21 06:15 . 2013-05-21 06:17 -------- d-----w- c:\programdata\InstallMate 2013-05-16 17:05 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-24 17:59 130736 ----a-w- d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-24 17:59 130736 ----a-w- d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-24 17:59 130736 ----a-w- d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-03-08 393216] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe" [2013-01-09 1035216] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "GDFirewallTray"="c:\program files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe" [2012-11-29 1475096] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . 
d:\benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-25 27776968] IML.lnk - [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . 2;2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys;c:\windows\SYSNATIVE\drivers\GdNetMon64.sys [x] R3 GDTunerSvc;G Data Tuner Service;c:\program files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe;c:\program files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [x] R3 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] R3 iaStorS;iaStorS;c:\windows\system32\drivers\iaStorS.sys;c:\windows\SYSNATIVE\drivers\iaStorS.sys [x] R3 libusb0;libusb-win32 - Kernel Driver, Version 
1.2.4.0;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x] R3 PciIsaSerial;PCI-ISA Communication Port;c:\windows\system32\drivers\PciIsaSerial.sys;c:\windows\SYSNATIVE\drivers\PciIsaSerial.sys [x] R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\drivers\PciPPorts.sys;c:\windows\SYSNATIVE\drivers\PciPPorts.sys [x] R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\drivers\PciSPorts.sys;c:\windows\SYSNATIVE\drivers\PciSPorts.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x] S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x] S0 TS4NT;TS4nt driver;c:\windows\System32\Drivers\TS4nt.sys;c:\windows\SYSNATIVE\Drivers\TS4nt.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G 
Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x] S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\TotalProtection\AVK\AVKService.exe;c:\program files (x86)\G Data\TotalProtection\AVK\AVKService.exe [x] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe;c:\program files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe [x] S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x] S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [x] S2 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe;c:\program files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [x] S2 TSNxGService;G Data Datensafe Service;c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe;c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x] S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [x] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common 
Files\G Data\GDScan\GDScan.exe [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 18:04] . 2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802728691-1065208354-3821002551-1001Core.job - d:\benutzer\Ute.UTE-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-01 22:47] . 2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802728691-1065208354-3821002551-1001UA.job - d:\benutzer\Ute.UTE-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-01 22:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-24 17:59 164016 ----a-w- d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-24 17:59 164016 ----a-w- d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-24 17:59 164016 ----a-w- d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-24 17:59 164016 ----a-w- d:\benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mStart Page = hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14 mLocal Page = c:\windows\SysWOW64\blank.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - d:\benutzer\Ute.UTE-PC\AppData\Roaming\Mozilla\Firefox\Profiles\z5644nf8.default\ FF - prefs.js: browser.search.defaulturl - hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14&l=1&q= FF - prefs.js: browser.search.selectedEngine - WebSearch FF - prefs.js: browser.startup.homepage - hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14 FF - prefs.js: keyword.URL - hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14&l=1&q= FF - ExtSQL: 2013-05-21 08:59; xm35ji@ldnihz.net; d:\benutzer\Ute.UTE-PC\AppData\Roaming\Mozilla\Firefox\Profiles\z5644nf8.default\extensions\xm35ji@ldnihz.net FF - ExtSQL: 2013-05-21 09:00; bxhrd30f4b@rmtbtcamxg.net; d:\benutzer\Ute.UTE-PC\AppData\Roaming\Mozilla\Firefox\Profiles\z5644nf8.default\extensions\bxhrd30f4b@rmtbtcamxg.net . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file) BHO-{4FBC9915-89A7-FF85-80B0-6C8E0AB6F49F} - c:\programdata\SearchNewTab\519b1b8d6ca6a.dll BHO-{E4158A8A-BBCF-35C9-3261-8FE8CB943B95} - c:\programdata\coontinueetosavee\519b1b6e189e2.dll Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) WebBrowser-{5786D022-540E-4699-B350-B4BE0AE94B79} - (no file) AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\coontinueetosavee\uninstall.exe AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\SearchNewTab\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-10 13:21:37 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-06-10 11:21 . Vor Suchlauf: 10 Verzeichnis(se), 22.173.896.704 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 21.622.185.984 Bytes frei . - - End Of File - - EEADBC97190961A8F9A74A0F7D0A6532 D41D8CD98F00B204E9800998ECF8427E |
10.06.2013, 12:37 | #8 |
/// Malware-holic | Browsers (Firefox & Chrome) have Websearch.lookforitthere.info as start page For Malwarebytes, please switch G DATA off again as well. Malwarebytes: Please download Malwarebytes
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
10.06.2013, 15:25 | #9 |
| Browsers (Firefox & Chrome) have Websearch.lookforitthere.info as start page Hello, the program ran to completion but found nothing. Here is the log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.10.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Ute :: UTE-PC [Administrator] Schutz: Aktiviert 10.06.2013 15:41:54 mbam-log-2013-06-10 (15-41-54).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 431400 Laufzeit: 40 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
10.06.2013, 18:10 | #10 |
/// Malware-holic | Browsers (Firefox & Chrome) have Websearch.lookforitthere.info as start page Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as txt. Open the file. After every program you need, write "necessary". After every program you do not need, "unnecessary". After every program you do not know, "unknown". Post the list.
13.06.2013, 15:24 | #11 |
| Browsers (Firefox & Chrome) have Websearch.lookforitthere.info as start page Here is the list: Code:
ATTFilter 7-Zip 9.22beta 23.09.2012 nötig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 10.06.2013 6,00MB 11.7.700.224 nötig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 10.06.2013 6,00MB 11.7.700.224 nötig Adobe Reader X (10.0.1) MUI Adobe Systems Incorporated 11.04.2012 472MB 10.0.1 nötig Amazon Kindle Amazon 09.08.2012 nötig AMD Catalyst Install Manager Advanced Micro Devices, Inc. 02.03.2013 26,4MB 8.0.903.0 nötig Apple Application Support Apple Inc. 03.03.2013 65,1MB 2.3 unbekannt Apple Software Update Apple Inc. 22.09.2012 2,38MB 2.1.3.127 unbekannt Ashampoo Burning Studio 2013 v.11.0.5 Ashampoo GmbH & Co. KG 19.12.2012 206MB 11.0.5 nötig Big City Adventure: London Classic INTENIUM GmbH 19.10.2012 1.0.0.0 unbekannt calibre 64bit Kovid Goyal 20.05.2013 163,9MB 0.9.31 nötig CCleaner Piriform 02.06.2012 3.14 nötig CDBurnerXP CDBurnerXP 02.06.2012 17,9MB 4.4.0.2838 nötig ContinueToSave 1.74 20.05.2012 unbekannt coontinueetosavee continue to save 20.05.2012 unbekannt DAEMON Tools Lite DT Soft Ltd 25.12.2012 4.46.1.0327 nötig Die Sims™ 3 Electronic Arts 14.03.2013 1.50.56 nötig Die Sims™ 3 Einfach tierisch Electronic Arts 08.02.2013 10.0.96 nötig Die Sims™ 3 Jahreszeiten Electronic Arts 08.02.2013 16.0.136 nötig Die Sims™ 3 Late Night Electronic Arts 08.02.2013 6.0.81 nötig Die Sims™ 3 Lebensfreude Electronic Arts 08.02.2013 8.0.152 nötig Die Sims™ 3 Luxus-Accessoires Electronic Arts 08.02.2013 3.0.38 nötig Die Sims™ 3 Reiseabenteuer Electronic Arts 08.02.2013 2.0.86 nötig Die Sims™ 3 Showtime Electronic Arts 08.02.2013 12.0.273 nötig Die Sims™ 3 Stadt-Accessoires Electronic Arts 08.02.2013 9.0.73 nötig Die Sims™ 3 Supernatural Electronic Arts 08.02.2013 15.0.135 nötig Die Sims™ 3 Traumkarrieren Electronic Arts 08.02.2013 4.0.87 nötig Die Sims™ 3 Traumsuite-Accessoires Electronic Arts 08.02.2013 11.0.84 nötig Die Suche nach dem Goldschatz 25.06.2012 unbekannt Dropbox Dropbox, Inc. 
08.06.2013 2.0.22 nötig ElsterFormular Landesfinanzdirektion Thüringen 01.12.2012 163,9MB 13.4.1.10296 nötig Etron USB3.0 Host Controller Etron Technology 11.04.2012 5,23MB 0.101 unbekannt Exzellent, Eure Majestät! INTENIUM GmbH 09.11.2012 1.0.0.0 unbekannt FarmFrenzy 30.07.2012 unbekannt Freemake Video Downloader Ellora Assets Corporation 02.06.2012 32,5MB 3.0.1 unbekannt G Data TotalProtection 2012 G Data Software AG 02.06.2012 130,9MB 22.0.0.0 nötig Google Chrome Google Inc. 02.06.2012 27.0.1453.110 nötig HiJackThis Trend Micro 08.06.2013 0,36MB 1.0.0 unnötig? Intel(R) Rapid Storage Technology Intel Corporation 12.04.2012 11.1.0.1006 nötig Java 7 Update 21 Oracle 18.03.2013 129,1MB 7.0.210 nötig Kobo Kobo Inc. 18.11.2012 3.0.4 nötig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 09.06.2013 19,3MB 1.75.0.1300 nötig? Microsoft .NET Framework 4 Client Profile Microsoft Corporation 12.04.2012 38,8MB 4.0.30319 nötig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 12.04.2012 2,94MB 4.0.30319 nötig Microsoft Office File Validation Add-In Microsoft Corporation 31.01.2013 7,95MB 14.0.5130.5003 nötig Microsoft Office Home and Student 2007 Microsoft Corporation 21.12.2012 12.0.6612.1000 nötig Microsoft Silverlight Microsoft Corporation 12.03.2013 50,2MB 5.1.20125.0 nötig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 11.04.2012 1,70MB 3.1.0000 nötig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10.02.2013 0,29MB 8.0.61001 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 11.04.2012 0,77MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 21.12.2012 0,76MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 07.06.2012 0,58MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft 
Corporation 11.04.2012 0,58MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 21.12.2012 0,58MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 22.12.2012 13,7MB 10.0.30319 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 22.12.2012 11,0MB 10.0.30319 unbekannt Microsoft WSE 3.0 Runtime Microsoft Corp. 08.02.2013 0,92MB 3.0.5305.0 unbekannt Mozilla Firefox 21.0 (x86 de) Mozilla 20.05.2013 44,6MB 21.0 nötig Mozilla Maintenance Service Mozilla 20.05.2013 0,33MB 21.0 nötig Mozilla Thunderbird 12.0.1 (x86 de) Mozilla 03.06.2012 38,1MB 12.0.1 nötig Origin Electronic Arts, Inc. 08.02.2013 9.1.12.73 unnötig Paint.NET v3.5.10 dotPDN LLC 02.06.2012 10,7MB 3.60.0 nötig PDF-XChange Viewer 03.06.2012 nötig QuickTime Apple Inc. 03.03.2013 73,2MB 7.73.80.64 nötig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 11.04.2012 6.0.1.6526 nötig Roads Of Rome Realore Studios 22.06.2012 nötig RollerCoaster Tycoon 3: Platinum! Frontier 06.06.2013 nötig RTL GAME CENTER INTENIUM GmbH 19.10.2012 1.0.0.46 unbekannt Search Assistant WebSearch 1.74 20.05.2012 unbekannt SearchNewTab SearchNewTab 20.05.2012 unbekannt Skype™ 5.10 Skype Technologies S.A. 22.12.2012 19,4MB 5.10.116 nötig SmartTools Publishing • Excel Finanzplan 2013 SmartTools Publishing 21.12.2012 v4.00 unbekannt Steam Valve Corporation 06.06.2013 35,5MB 1.0.0.0 nötig The Next BIG Thing (Deutsch) CRIMSON COW 07.06.2012 1.00 nötig VLC media player 1.1.11 VideoLAN 02.06.2012 1.1.11 nötig Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 11.04.2012 5,58MB 15.4.5722.2 wahrscheinlich nötig WinPcap 4.1.2 CACE Technologies 02.06.2012 4.1.0.2001 unbekannt Zylom Games Player Plugin Zylom Games 08.06.2012 unbekannt Zylom Games Player Plugin Zylom Games 09.06.2012 unbekannt |
13.06.2013, 18:21 | #12 |
/// Malware-holic | Browsers (Firefox & Chrome) have Websearch.lookforitthere.info as start page
Uninstall: Adobe Flash Player (all entries).
Adobe - Install Adobe Flash Player: download the latest version and install it.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Please remove the check mark for McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: check "Use only certified plug-ins".
Security (Enhanced): check Enhanced Security and select all files.
Internet: everything here should be disabled. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, remove the check mark for using JavaScript.
Under Updater, choose install automatically.
Apply / OK.
Uninstall:
Big City
ContinueToSave
coontinueetosavee
Die Suche
Exzellent,
FarmFrenzy
Freemake
G Data
G Data TotalProtection - G Data Software AG: please upgrade to 2014, it should be free.
Uninstall:
HiJackThis (please do not use it any more either)
Origin
Search Assistant
SearchNewTab
Zylom: both
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.