Log analysis and evaluation: Multiple detections by Malwarebytes (Windows 7)
12.06.2013, 10:41 | #1 |
| Multiple detections by Malwarebytes
Hello, on our second laptop I got the following log from Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.06.12.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
[administrateur]

12.06.2013 09:06:10
mbam-log-2013-06-12 (09-06-10).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 648184
Temps écoulé: 2 heure(s), 29 minute(s), 27 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 3
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Aucune action effectuée.
HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Aucune action effectuée.
HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Aucune action effectuée.

Fichier(s) détecté(s): 3
C:\Users\Tankeu Tokoto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Aucune action effectuée.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Aucune action effectuée.
C:\Users\Tankeu Tokoto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Aucune action effectuée.

(fin)
12.06.2013, 10:45 | #2 |
/// Malware-holic | Multiple detections by Malwarebytes
Hi,
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
12.06.2013, 11:52 | #3 |
| Multiple detections by Malwarebytes
OK, here is OTL
Code:
ATTFilter OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tankeu Tokoto\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 49,78% Memory free 7,99 Gb Paging File | 6,15 Gb Available in Paging File | 76,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 237,94 Gb Total Space | 83,01 Gb Free Space | 34,89% Space Free | Partition Type: NTFS Drive E: | 19,77 Gb Total Space | 5,69 Gb Free Space | 28,76% Space Free | Partition Type: NTFS Drive F: | 193,36 Gb Total Space | 190,72 Gb Free Space | 98,64% Space Free | Partition Type: NTFS Drive I: | 7,59 Gb Total Space | 4,52 Gb Free Space | 59,55% Space Free | Partition Type: FAT32 Computer Name: TANKEUTOKOTO-PC | User Name: Tankeu Tokoto | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.06.12 11:48:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tankeu Tokoto\Desktop\OTL.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe PRC - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2011.09.06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe PRC - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe PRC - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe PRC - [2011.08.01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2009.06.25 04:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009.06.19 05:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe PRC - [2009.06.09 18:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.05.21 16:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe ========== Modules (No Company Name) ========== MOD - [2013.05.16 08:49:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll MOD - [2013.05.16 08:09:58 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll MOD - [2013.05.16 08:09:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.16 08:09:22 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll MOD - [2013.05.16 08:09:06 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.16 08:08:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - 
[2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2013.01.09 14:37:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013.01.09 14:36:02 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.09 14:35:38 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.09 14:35:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.09 14:35:25 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe MOD - [2009.06.19 05:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ========== Services (SafeList) ========== SRV:64bit: - [2009.07.17 03:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.06.25 12:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.06.06 18:32:00 | 003,819,912 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.09 18:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009.05.21 16:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SRV - [2008.04.10 22:52:38 | 001,642,760 | ---- | M] (Acresso Software Inc.) 
[Auto | Running] -- C:\SIMULIA\License\lmgrd.exe -- (Flexlm Service 1) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2013.03.07 01:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- 
C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.08.02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.06.15 10:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.24 18:37:16 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.09.17 10:37:07 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri) DRV:64bit: - [2010.09.02 09:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt) DRV:64bit: - [2010.09.02 09:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet) DRV:64bit: - [2010.08.12 06:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.10.08 10:54:42 | 000,151,016 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ncplelhp.sys -- (ncplelhp) DRV:64bit: - [2009.07.17 03:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2009.07.17 03:06:16 | 
002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.07 07:18:28 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler) DRV:64bit: - [2009.06.29 06:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.06.26 06:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.06.25 13:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.15 21:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.22 11:18:20 | 000,069,152 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) DRV:64bit: - [2006.11.01 20:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F2794E0A-6303-4BF5-8BB3-5E7FF67C3DCB} IE:64bit: - HKLM\..\SearchScopes\{F2794E0A-6303-4BF5-8BB3-5E7FF67C3DCB}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{2C868C15-8DF1-4DAD-AC10-9FB26E51E1BC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={D6ABC9B4-5FE2-11E2-88CB-0024E8F820D8} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.holasearch.com/?affID=1 [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=B2C60CEEE6946449 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.holasearch.com/?q={searchTerms}&affID=121962&tt=gc_&babsrc=SP_ss&mntrId=B2C60CEEE6946449 IE - HKCU\..\SearchScopes\{5AC56FC1-B90F-4E77-A445-10EF4D30EDF8}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKCU\..\SearchScopes\{83A49F5A-C843-4933-83EB-7E4156A08562}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{BEBE0494-D071-4478-B8B3-A8CB1ED19567}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=PF&o=15180&src=kw&q={searchTerms}&locale=&apn_ptnrs=RX&apn_dtid=YYYYYYYYDE&apn_uid=64cafec3-af50-4641-ac33-c748605bceb7&apn_sauid=D9465218-E505-406F-8458-F62F8A17FA61 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={D6ABC9B4-5FE2-11E2-88CB-0024E8F820D8} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: 
gutegutscheine%40gutegutscheine.com:3.1.5 FF - prefs.js..extensions.enabledAddons: %7Bc840e246-6b95-475e-9bd7-caa1c7eca9f2%7D:3.18.0.7 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&CUI=SB_CUI&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\TANKEU~1\AppData\Roaming\Flatcast\NpFv522.dll (1 mal 1 Software GmbH)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.05.24 21:18:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.29 11:14:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.02.19 18:22:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.17 00:22:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.21 11:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.21 11:12:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.21 11:12:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.21 11:12:40 | 000,000,000 | ---D | M]

[2010.01.02 20:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\Extensions
[2013.05.22 09:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\Firefox\Profiles\euqplq9m.default\extensions
[2013.02.13 10:07:34 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\Firefox\Profiles\euqplq9m.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.05.14 20:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\Firefox\Profiles\euqplq9m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2013.01.16 15:44:57 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\Firefox\Profiles\euqplq9m.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2013.04.30 20:48:21 | 000,000,000 | ---D | M] (HDvid Codec) -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\Firefox\Profiles\euqplq9m.default\extensions\hdvc@hdvc.com
[2013.01.16 15:41:05 | 000,000,000 | ---D | M] (Torntv) -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\Firefox\Profiles\euqplq9m.default\extensions\torntv@torntv.com
[2012.09.28 22:19:42 | 000,020,579 | ---- | M] () (No name found) -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\extensions\gutegutscheine@gutegutscheine.com.xpi
[2013.04.17 15:50:46 | 000,201,930 | ---- | M] () (No name found) -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\extensions\hdvc@hdvc.com.xpi
[2013.01.16 15:41:04 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\extensions\torntv@torntv.com.xpi
[2013.05.22 09:59:46 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.16 15:44:56 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.05.07 22:58:53 | 000,002,399 | ---- | M] () -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\searchplugins\askcom.xml
[2013.05.17 13:38:14 | 000,006,498 | ---- | M] () -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\searchplugins\babylon.xml
[2012.11.22 12:51:52 | 000,002,444 | ---- | M] () -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\searchplugins\babylon1.xml
[2012.11.22 12:51:30 | 000,002,361 | ---- | M] () -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\searchplugins\BrowserProtect.xml
[2013.02.10 16:20:34 | 000,000,931 | ---- | M] () -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\searchplugins\conduit.xml
[2010.07.12 08:49:24 | 000,002,055 | ---- | M] () -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\searchplugins\daemon-search.xml
[2013.05.17 13:38:34 | 000,001,304 | ---- | M] () -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\searchplugins\holasearch.xml
[2012.11.22 12:51:52 | 000,002,444 | ---- | M] () -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\searchplugins\mngr.xml
[2013.01.16 15:46:26 | 000,003,998 | ---- | M] () -- C:\Users\Tankeu Tokoto\AppData\Roaming\mozilla\firefox\profiles\euqplq9m.default\searchplugins\sweetim.xml
[2013.05.21 11:12:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.05.21 11:12:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.05.21 11:12:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.05.21 11:12:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.29 11:14:08 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll
[2012.11.22 12:51:30 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.03.25 17:30:51 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=B2C60CEEE6946449
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Flatcast Viewer Plugin 5.2.2.454 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NpFv522.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - Extension: SiteAdvisor = C:\Users\Tankeu Tokoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\
CHR - Extension: Torntv = C:\Users\Tankeu Tokoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf\1.1_0\
CHR - Extension: uTorrentBar_DE = C:\Users\Tankeu Tokoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.7.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Tankeu Tokoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CE7FF70-436E-4533-934E-2774F8443864}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF864E03-C797-48D1-AD55-83116CBA6467}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bd998601-0f7b-11e0-a2fb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bd998601-0f7b-11e0-a2fb-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d728eacf-4bdd-11e1-9e2b-0024e8f820d8}\Shell - "" = AutoRun
O33 - MountPoints2\{d728eacf-4bdd-11e1-9e2b-0024e8f820d8}\Shell\AutoRun\command - "" = G:\Installer.exe
O33 - MountPoints2\{e116498f-e589-11de-a7fb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e116498f-e589-11de-a7fb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe .\common\startupGUI\AbaqusStartup.hta
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\system32\ieudinit.exe
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.06.12 11:48:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tankeu Tokoto\Desktop\OTL.exe
[2013.06.12 09:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.12 09:05:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.08 22:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.05.29 11:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.05.21 11:12:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.20 17:30:54 | 000,000,000 | ---D | C] -- C:\Users\Tankeu Tokoto\Desktop\AC
[2013.05.18 12:46:45 | 000,000,000 | ---D | C] -- C:\Intel
[2013.05.17 12:47:33 | 000,000,000 | ---D | C] -- C:\Users\Tankeu Tokoto\AppData\Roaming\PerformerSoft
[2013.05.17 12:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2013.05.17 12:47:31 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2010.01.10 10:48:03 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Tankeu Tokoto\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2013.06.12 11:48:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tankeu Tokoto\Desktop\OTL.exe
[2013.06.12 11:29:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.12 09:05:18 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.12 01:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.11 21:30:47 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.11 21:30:47 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.11 21:30:47 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.11 21:30:47 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.11 21:30:47 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.11 19:23:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.07 07:51:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.07 07:51:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.29 11:14:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.05.20 21:09:36 | 000,000,292 | ---- | M] () -- C:\Users\Tankeu Tokoto\AppData\Local\HamsterBookConverter.cfg
[2013.05.16 08:06:21 | 000,429,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.06.12 09:05:18 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.20 21:09:35 | 000,000,292 | ---- | C] () -- C:\Users\Tankeu Tokoto\AppData\Local\HamsterBookConverter.cfg
[2013.05.17 14:28:57 | 000,001,426 | ---- | C] () -- C:\Users\Tankeu Tokoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.03.14 12:37:19 | 000,000,862 | ---- | C] () -- C:\Users\Tankeu Tokoto\.recently-used.xbel
[2012.01.31 12:07:23 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.11 20:41:42 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2011.12.11 20:41:42 | 000,000,884 | ---- | C] () -- C:\Windows\unins000.dat
[2011.10.02 10:49:44 | 000,000,000 | ---- | C] () -- C:\Users\Tankeu Tokoto\AppData\Local\{29DBE6BB-8B47-4922-98D6-F03D04894966}
[2011.10.01 10:08:50 | 000,005,457 | ---- | C] () -- C:\Users\Tankeu Tokoto\abaqus_v6.10.gpr
[2011.07.23 21:58:35 | 000,000,000 | ---- | C] () -- C:\Users\Tankeu Tokoto\AppData\Local\{2517D35B-3C97-4C3C-9D51-206AE1B8B333}
[2011.05.12 15:58:03 | 000,000,000 | ---- | C] () -- C:\Users\Tankeu Tokoto\AppData\Local\{D0DCD2F1-50FB-4596-ACA4-C1233391EEC8}
[2011.05.12 15:56:06 | 000,000,000 | ---- | C] () -- C:\Users\Tankeu Tokoto\AppData\Local\{4A09CC80-AF91-497F-A4AE-810B237E1145}
[2011.05.12 13:53:04 | 000,000,000 | ---- | C] () -- C:\Users\Tankeu Tokoto\AppData\Local\{C4B65E9C-3E7B-4BAF-B0F9-26C783BD9C50}
[2011.05.12 13:51:13 | 000,000,000 | ---- | C] () -- C:\Users\Tankeu Tokoto\AppData\Local\{41E24E6D-CD42-4B31-9BC2-7DCAAAC265CC}
[2010.01.02 19:59:22 | 000,000,252 | ---- | C] () -- C:\Users\Tankeu Tokoto\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.11.22 12:51:16 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\Babylon
[2012.01.03 21:24:58 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\becker
[2012.12.30 17:25:25 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\BSD Concept
[2010.03.06 21:20:48 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\Canon
[2010.07.11 12:13:02 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\DAEMON Tools Pro
[2010.07.12 09:32:40 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\DassaultSystemes
[2011.12.11 20:41:42 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\Flatcast
[2013.04.30 20:48:58 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\Funmoods
[2012.03.14 12:37:19 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\gtk-2.0
[2011.03.18 11:40:42 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\LaunchPad
[2010.02.07 15:04:57 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\MobMapUpdater
[2010.01.10 19:52:24 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\NewSoft
[2012.06.20 21:11:43 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\Nokia
[2012.06.20 21:11:44 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\Nokia Suite
[2012.02.27 14:09:13 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\Nonoh
[2013.02.19 18:21:38 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\OpenCandy
[2011.11.05 16:39:16 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\PC Suite
[2010.11.20 17:12:03 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\PCDr
[2013.02.19 18:25:46 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\PDF Architect [2013.05.01 10:25:01 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\pdfforge [2013.05.17 13:40:31 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\PerformerSoft [2010.10.31 09:50:10 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\SAP [2010.01.10 19:38:16 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\ScanSoft [2011.11.20 18:01:28 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\Telefónica [2010.01.19 14:59:35 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\Template [2011.11.20 18:01:28 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\TGCMLog [2013.02.19 18:23:13 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\TuneUp Software [2013.05.20 21:10:53 | 000,000,000 | ---D | M] -- C:\Users\Tankeu Tokoto\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.07.09 18:04:42 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.12.10 21:58:40 | 000,000,000 | ---D | M] -- C:\1033 [2013.01.14 22:16:57 | 000,000,000 | ---D | M] -- C:\Abaqus_WD [2010.12.12 06:03:52 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache [2009.12.26 10:43:00 | 000,000,000 | ---D | M] -- C:\dell [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.12.24 18:33:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.12.10 23:31:26 | 000,000,000 | ---D | M] -- C:\Drivers [2013.05.18 12:46:45 | 000,000,000 | ---D | M] -- C:\Intel [2010.01.19 15:15:30 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.06.08 22:27:04 | 000,000,000 | R--D | M] -- C:\Program Files [2013.05.28 14:58:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2013.05.28 09:36:18 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.12.24 18:33:15 | 000,000,000 | -HSD | M] -- C:\Programme [2011.10.01 09:24:11 | 000,000,000 | ---D | M] -- C:\SIMULIA [2009.12.24 18:36:43 | 000,000,000 | -HSD | M] -- C:\System Recovery [2013.06.12 12:07:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.10.17 16:23:41 | 000,000,000 | ---D | M] -- C:\Temp [2012.05.10 14:10:19 | 000,000,000 | R--D | M] -- C:\Users [2013.05.29 11:14:01 | 000,000,000 | ---D | M] -- C:\Windows [2012.12.18 12:11:01 | 000,000,000 | ---D | M] -- C:\ZZZZZZZZZZZZZZZZZ < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013.04.24 21:13:21 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013.04.24 21:13:21 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) 
MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.11.21 13:19:50 | 000,020,992 | ---- | M] () MD5=19E3F3E13819FC3960340AE97550D7B2 -- C:\Program Files\ANSYS Inc\v121\aisol\CFXMeshApplet\tools\perl-5.9.5\site\lib\MSWin32-x64-perlio\auto\Win32\EventLog\EventLog.dll [2007.11.21 13:19:49 | 000,020,992 | ---- | M] () MD5=19E3F3E13819FC3960340AE97550D7B2 -- C:\Program Files\ANSYS Inc\v121\CFX\tools\perl-5.9.5\site\lib\MSWin32-x64-perlio\auto\Win32\EventLog\EventLog.dll [2007.11.21 13:19:49 | 000,020,992 | ---- | M] () MD5=19E3F3E13819FC3960340AE97550D7B2 -- C:\Program Files\ANSYS Inc\v121\TurboGrid\tools\perl-5.9.5\site\lib\MSWin32-x64-perlio\auto\Win32\EventLog\EventLog.dll 
[2007.11.21 17:52:32 | 000,029,696 | ---- | M] () MD5=F9DE699B6639B4CB50F0BE4E62176771 -- C:\Program Files\ANSYS Inc\v121\aisol\CFXMeshApplet\tools\perl-5.9.5\site\lib\MSWin32-x86-perlio\auto\Win32\EventLog\EventLog.dll [2007.11.21 17:52:31 | 000,029,696 | ---- | M] () MD5=F9DE699B6639B4CB50F0BE4E62176771 -- C:\Program Files\ANSYS Inc\v121\CFX\tools\perl-5.9.5\site\lib\MSWin32-x86-perlio\auto\Win32\EventLog\EventLog.dll [2007.11.21 17:52:31 | 000,029,696 | ---- | M] () MD5=F9DE699B6639B4CB50F0BE4E62176771 -- C:\Program Files\ANSYS Inc\v121\TurboGrid\tools\perl-5.9.5\site\lib\MSWin32-x86-perlio\auto\Win32\EventLog\EventLog.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe 
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Drivers\storage\R228385\IaStor.sys [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.05 02:54:36 | 000,408,600 | ---- 
| M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys [2011.06.15 10:10:14 | 000,557,848 | ---- | M] (Intel Corporation) MD5=4F6FB2CDBDEEFC47E7D2066E78254580 -- C:\Windows\SysNative\drivers\iaStor.sys [2011.06.15 10:10:14 | 000,557,848 | ---- | M] (Intel Corporation) MD5=4F6FB2CDBDEEFC47E7D2066E78254580 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e752014ccfa80474\iaStor.sys [2009.06.05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) 
MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- 
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > 
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- 
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.03.14 12:37:19 | 000,000,862 | ---- | M] () -- C:\Users\Tankeu Tokoto\.recently-used.xbel [2012.12.19 10:23:18 | 000,005,457 | ---- | M] () -- C:\Users\Tankeu Tokoto\abaqus_v6.10.gpr [2013.06.12 12:30:05 | 004,456,448 | -HS- | M] () -- C:\Users\Tankeu Tokoto\NTUSER.DAT [2013.06.12 12:30:05 | 000,262,144 | -HS- | M] () -- C:\Users\Tankeu Tokoto\ntuser.dat.LOG1 [2009.12.24 18:33:38 | 000,000,000 | -HS- | M] () -- C:\Users\Tankeu 
Tokoto\ntuser.dat.LOG2 [2009.12.24 19:37:33 | 000,065,536 | -HS- | M] () -- C:\Users\Tankeu Tokoto\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2009.12.24 19:37:33 | 000,524,288 | -HS- | M] () -- C:\Users\Tankeu Tokoto\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2009.12.24 19:37:33 | 000,524,288 | -HS- | M] () -- C:\Users\Tankeu Tokoto\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2009.12.24 18:33:38 | 000,000,020 | -HS- | M] () -- C:\Users\Tankeu Tokoto\ntuser.ini [2010.01.10 20:02:37 | 000,000,000 | ---- | M] () -- C:\Users\Tankeu Tokoto\Sti_Trace.log < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > |
12.06.2013, 11:53 | #4 |
| Multiple detections by Malwarebytes and Extra.txt Code:
OTL Extras logfile created on: 12.06.2013 12:04:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tankeu Tokoto\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 49,78% Memory free 7,99 Gb Paging File | 6,15 Gb Available in Paging File | 76,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 237,94 Gb Total Space | 83,01 Gb Free Space | 34,89% Space Free | Partition Type: NTFS Drive E: | 19,77 Gb Total Space | 5,69 Gb Free Space | 28,76% Space Free | Partition Type: NTFS Drive F: | 193,36 Gb Total Space | 190,72 Gb Free Space | 98,64% Space Free | Partition Type: NTFS Drive I: | 7,59 Gb Total Space | 4,52 Gb Free Space | 59,55% Space Free | Partition Type: FAT32 Computer Name: TANKEUTOKOTO-PC | User Name: Tankeu Tokoto | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15306DD2-863E-456E-8CFE-D9CDCCD09B93}" = lport=137 | protocol=17 | dir=in | app=system |
"{232DAD4D-B59B-4A7E-84E1-8A9B8ED30404}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{37663DC9-D6D0-4E8A-9B8C-DF5AC01BBF94}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3E9AD083-6EDC-40D3-BF70-443EB3780393}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{40AB9337-68F8-4E55-A97F-EB0FBEEFDB1F}" = rport=139 | protocol=6 | dir=out | app=system |
"{41F49716-8C77-4BE6-83E2-065EBF195F88}" = rport=137 | protocol=17 | dir=out | app=system |
"{4636FF69-84AA-405F-AFCF-2DA71F6F371D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4714D330-0E97-4F25-800D-5CEC7B4846D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{490EAC57-D5F2-401A-898D-AE006772CA03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F7C9AAB-EEEE-418A-B538-44DD0760A5E2}" = lport=139 | protocol=6 | dir=in | app=system |
"{6D41FCBE-1EB1-485E-A61D-D1228FA93ADB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{72DDE9FE-F964-4BCF-BDC0-321B70E7B20E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{73FF0C55-7D83-49B4-881E-FF2D24D8B02C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{748BF127-3FC4-4375-A619-B50C59D1DFDB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7AB2CAB8-7B6A-4A2C-9D46-7A5AB31BFC0C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{82F81968-B8FF-4758-A69C-418838174605}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{851AB228-91A1-45D5-8AB3-8DE6A76BDF86}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{852EDB9D-C739-4D6F-A420-6C8A61B032BD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8672AC2E-E51C-4CC8-83F8-63458D0A8A19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{867F6461-1350-492A-86E5-86C150868B84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{891F6520-08C5-4D9C-A7DB-11599AB815A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DB70788-97EE-44ED-90DC-48A72870716D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9BC8C3BF-C15D-456A-9847-B20C027FD613}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9D03C988-2E64-406D-ADD3-8EB0D8721871}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9D54A71E-B5E3-4B70-8A68-446EC3EB650C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0F0141B-E863-47C5-B4BF-173F4DA50703}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A703E135-27A1-48EA-BBDA-34F3AE8BB5ED}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A7879D4C-E6F4-40E9-9C78-1E60DF8DF8B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9B64E36-15FE-4523-B39E-2E69543F32FD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BA530DD0-2023-4427-A269-A1447EF4467D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C20975FE-D85E-43BE-ACE4-8CB798058ECA}" = rport=138 | protocol=17 | dir=out | app=system |
"{D54304AF-7C27-4C59-9A0E-0CD32CEDCD2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D8EB8BD9-1ED8-40E9-8CEE-E13FCAEB74BF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E050EF11-4218-402E-81AA-CEDABFBDF5AB}" = rport=445 | protocol=6 | dir=out | app=system |
"{ED521986-7D22-4D0C-B087-E35AC12B57A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{FFCD7941-D489-4A62-8806-E2AF8EBFA1FB}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BE3177-A063-4552-BB62-D160FBF44766}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{025505D4-6077-411A-9478-BB8769F51F4A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{05AC40D9-BFFF-4EC1-BA77-0C683A4887FE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{08BD850C-8D43-4324-BBAC-816C116DC8CC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{09CAD963-0B39-423F-A621-AC4150A739A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B32239B-1F0D-4FA2-A80F-A05DB37F7A09}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1054EDAE-AA62-48D3-99FA-983141785897}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{20CFE884-28C7-47E9-9B2E-492D5C4CFABA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{25D133BF-299A-4B02-8AF9-8D96B30244C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2731C922-EA0A-4564-97F8-D6733E36EAEF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2DD05FED-D33C-4175-B0A2-570B35707ACE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{390A24FC-4790-429A-A959-A6012D2C022E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A699A7B-5819-4FDE-BA94-6912FDC0FA0B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{3C559552-E485-4D03-AEF9-0F310A535437}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3CF0EAE0-9970-4C4B-8E98-D3FA298D10C4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3FDE0320-A106-4400-B3E4-76E824113E0A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{48CDBCB4-F852-46F7-B7CD-25C6FECD7D90}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{53170D1E-6A68-49EA-888B-F0F3FFF8695E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{535A559A-BB41-49D0-A4A6-98D41D7B9C81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B9F90E4-026A-4404-B9E4-AD8D69A32B71}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66AF0E70-DE9A-45A7-9CA1-54D34A8C3857}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6B2DDB93-2868-4AFF-91A5-1607B9552A2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B8E1AF0-9C77-4B4A-ABC4-4F4882359845}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{8726942A-C972-43B6-ACD7-0732E231A0C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{872D91D0-44E0-4DA3-B8A9-3AB4740072B4}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{899BAE5D-2193-4346-9FB6-E7B9E851E37C}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{8BED1863-CFB5-40DC-AF02-520CAE5DB75E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8E1F4C90-D21A-44F7-A038-B2F2EC22091A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{8EE74EBE-2917-4D24-BB23-E90BE09526CF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{98E785B4-C3A2-4AE7-8EDF-43790DB6A7D5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9AF0EEFA-51DB-4524-A65C-2E726A5C5FDC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2AB05B6-C6D4-4CCB-AE50-5FB65A1081A8}" = protocol=6 | dir=out | app=system |
"{A30A80FF-53A2-4F92-BA3A-CB3BFF05170A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A6055329-5E01-4F6D-A3A8-39F386BF4788}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A6AFA928-F903-4F63-9B74-53047CFEC4EF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{A8093A72-305A-44E3-A65C-9629E45C2960}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{ACE14D80-D99E-465A-96EC-7A15E41A4F73}" = protocol=17 | dir=in | app=c:\program files (x86)\nonoh.net\nonoh\nonoh.exe |
"{ADF0DAE0-46F9-466E-9563-10C690B28A14}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{BB974A0A-F596-48F0-87D9-207C18B5FF4D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{CB70062C-8074-4810-A24E-0EF995D4EB4B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D2D9919B-26EC-40A2-9477-CE090B2498B6}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{D34185B4-EAC1-4004-8C1C-7B5CCD4E1EC7}" = protocol=6 | dir=in | app=c:\program files (x86)\nonoh.net\nonoh\nonoh.exe |
"{D4159C93-F4BC-49DA-B258-9B6D8F9EB0F5}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{D52E1F65-6FD3-4A77-9D41-7DE44B6CD5FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5626877-4B66-4492-8B30-25B5385C884A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E33D0182-7CC3-452E-B56F-05025CE3E2B1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F0343B7A-9F35-4D5F-A17C-E99055328B57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F34C68E2-C242-4476-A704-D266F553BEFE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FAC6B312-05CF-4E62-997C-F2EE80376EF0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{FBA372C9-863C-4144-9A0C-FE00B0A96EAE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{0C32EBDC-BC05-41CA-A927-55621FC960FE}C:\simulia\abaqus\6.10-1\exec\abqcaek.exe" = protocol=6 | dir=in | app=c:\simulia\abaqus\6.10-1\exec\abqcaek.exe |
"TCP Query User{0EB8EBE3-C268-44B1-AB74-CF8F6BE1FA02}C:\users\tankeu tokoto\downloads\wow-languagepack-3.x.x-esmx-downloader.exe" = protocol=6 | dir=in | app=c:\users\tankeu tokoto\downloads\wow-languagepack-3.x.x-esmx-downloader.exe |
"TCP Query User{1F91980B-7504-4C7C-B553-894CDC0D506C}C:\users\tankeu tokoto\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\tankeu tokoto\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{56F5E2C5-9B10-4A6D-941B-55D8DE1ED8E1}C:\program files (x86)\nonoh.net\nonoh\nonoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nonoh.net\nonoh\nonoh.exe |
"TCP Query User{6B520F8A-3F99-4FA3-81D9-6A654AF22EF2}C:\simulia\abaqus\6.10-1\exec\abqcaek.exe" = protocol=6 | dir=in | app=c:\simulia\abaqus\6.10-1\exec\abqcaek.exe |
"TCP Query User{9815A37B-12C7-4369-B7F9-1D56AE2DA2C9}C:\users\tankeu tokoto\downloads\wow-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\tankeu tokoto\downloads\wow-dede-installer-downloader.exe |
"TCP Query User{B062C3A8-6657-4B36-BCF1-0214D7B9A6E7}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{08020E70-A5B8-4DC7-9711-96B9BF0608F5}C:\simulia\abaqus\6.10-1\exec\abqcaek.exe" = protocol=17 | dir=in | app=c:\simulia\abaqus\6.10-1\exec\abqcaek.exe |
"UDP Query User{0AD3C332-18D8-4F79-9F8E-2B37EC316DE0}C:\users\tankeu tokoto\downloads\wow-languagepack-3.x.x-esmx-downloader.exe" = protocol=17 | dir=in | app=c:\users\tankeu tokoto\downloads\wow-languagepack-3.x.x-esmx-downloader.exe |
"UDP Query User{49CFC99F-F014-4848-AC28-E1477F2E729C}C:\program files (x86)\nonoh.net\nonoh\nonoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nonoh.net\nonoh\nonoh.exe |
"UDP Query User{5BA0A795-69C5-40BE-A689-E591D7798383}C:\simulia\abaqus\6.10-1\exec\abqcaek.exe" = protocol=17 | dir=in | app=c:\simulia\abaqus\6.10-1\exec\abqcaek.exe |
"UDP Query User{60874C3A-2447-4650-BF71-6E8858330B99}C:\users\tankeu tokoto\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\tankeu tokoto\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{C8074478-AC4E-419A-BB2B-D5F98C769878}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{FDBB82CF-932A-40CE-B185-79E9AD3C3415}C:\users\tankeu tokoto\downloads\wow-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\tankeu tokoto\downloads\wow-dede-installer-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416045FF}" = Java(TM) 6 Update 45 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D3299935-57F7-403A-9D7B-0B8F9F56F44B}" = Microsoft HPC MPI Redistributable Pack
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonMyPrinter" = Canon My Printer
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96E2E493-C484-43E3-9B95-D62EE7D40D3A}" = Toolbar 4.7 by SweetPacks
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{BF33E75D-5C02-47F2-9F4E-65D17978A806}" = FileCards
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"Abaqus 6.10-1" = Abaqus 6.10-1
"Abaqus FLEXnet License Server" = Abaqus FLEXnet License Server
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Nonoh_is1" = Nonoh
"Picasa 3" = Picasa 3
"Power Tab Editor 1.7" = Power Tab Editor 1.7
"SweetIM Bundle by SweetPacks" = SweetIM Bundle by SweetPacks
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.2
"WildTangent dell Master Uninstall" = WildTangent-Spiele
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05.02.2012 15:27:06 | Computer Name = TankeuTokoto-PC | Source = DataSafe.exe | ID = 0
Description = Recovery Environment incorrect, file 'F:\dell\Image\Factory.wim' missing

Error - 08.02.2012 04:18:40 | Computer Name = TankeuTokoto-PC | Source = Bonjour Service | ID = 100
Description =

Error - 08.02.2012 04:18:40 | Computer Name = TankeuTokoto-PC | Source = Bonjour Service | ID = 100
Description =

Error - 08.02.2012 04:18:40 | Computer Name = TankeuTokoto-PC | Source = Bonjour Service | ID = 100
Description =

Error - 09.02.2012 14:14:28 | Computer Name = TankeuTokoto-PC | Source = Bonjour Service | ID = 100
Description =

Error - 09.02.2012 14:14:28 | Computer Name = TankeuTokoto-PC | Source = Bonjour Service | ID = 100
Description =

Error - 09.02.2012 14:14:28 | Computer Name = TankeuTokoto-PC | Source = Bonjour Service | ID = 100
Description =

Error - 11.02.2012 07:33:04 | Computer Name = TankeuTokoto-PC | Source = Bonjour Service | ID = 100
Description =

Error - 11.02.2012 07:33:04 | Computer Name = TankeuTokoto-PC | Source = Bonjour Service | ID = 100
Description =

Error - 11.02.2012 07:33:04 | Computer Name = TankeuTokoto-PC | Source = Bonjour Service | ID = 100
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 15.07.2011 04:17:48 | Computer Name = TankeuTokoto-PC | Source = vpnagent | ID = 67108866
Description = Function: CExceptionHandlerEx::GenerateMiniDump File: .\Utility\Win\Minidump.cpp Line: 427 Invoked Function: UNHANDLED EXCEPTION Return Code: -1073741819 (0xC0000005) Description: WINDOWS_ERROR_CODE ACCESS_VIOLATION. A mindump file is located at: C:\Windows\TEMP\vpnagent.exe_2.4.0202_20110715101748.mdmp

Error - 15.07.2011 04:18:10 | Computer Name = TankeuTokoto-PC | Source = vpnagent | ID = 67108866
Description = Function: CExceptionHandlerEx::GenerateMiniDump File: .\Utility\Win\Minidump.cpp Line: 427 Invoked Function: UNHANDLED EXCEPTION Return Code: -1073741819 (0xC0000005) Description: WINDOWS_ERROR_CODE ACCESS_VIOLATION. A mindump file is located at: C:\Windows\TEMP\vpnagent.exe_2.4.0202_20110715101808.mdmp

[ Dell Events ]
Error - 24.04.2011 12:24:16 | Computer Name = TankeuTokoto-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

Error - 25.07.2011 17:08:24 | Computer Name = TankeuTokoto-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

Error - 25.07.2011 17:08:24 | Computer Name = TankeuTokoto-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 25.07.2011 17:08:40 | Computer Name = TankeuTokoto-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 25.07.2011 17:08:40 | Computer Name = TankeuTokoto-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 03.08.2011 03:54:54 | Computer Name = TankeuTokoto-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 03.08.2011 03:54:54 | Computer Name = TankeuTokoto-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 03.08.2011 04:05:43 | Computer Name = TankeuTokoto-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 03.08.2011 04:05:43 | Computer Name = TankeuTokoto-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 03.08.2011 04:06:15 | Computer Name = TankeuTokoto-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ Media Center Events ] Error - 14.06.2012 06:30:07 | Computer Name = TankeuTokoto-PC | Source = MCUpdate | ID = 0 Description = 12:30:07 - Fehler beim Herstellen der Internetverbindung. 12:30:07 - Serververbindung konnte nicht hergestellt werden.. Error - 14.06.2012 06:30:14 | Computer Name = TankeuTokoto-PC | Source = MCUpdate | ID = 0 Description = 12:30:12 - Fehler beim Herstellen der Internetverbindung. 12:30:12 - Serververbindung konnte nicht hergestellt werden.. Error - 15.06.2012 02:28:27 | Computer Name = TankeuTokoto-PC | Source = MCUpdate | ID = 0 Description = 08:28:27 - Fehler beim Herstellen der Internetverbindung. 08:28:27 - Serververbindung konnte nicht hergestellt werden.. 
Error - 15.06.2012 02:28:36 | Computer Name = TankeuTokoto-PC | Source = MCUpdate | ID = 0 Description = 08:28:32 - Fehler beim Herstellen der Internetverbindung. 08:28:32 - Serververbindung konnte nicht hergestellt werden.. Error - 15.06.2012 03:28:41 | Computer Name = TankeuTokoto-PC | Source = MCUpdate | ID = 0 Description = 09:28:41 - Fehler beim Herstellen der Internetverbindung. 09:28:41 - Serververbindung konnte nicht hergestellt werden.. Error - 15.06.2012 03:28:47 | Computer Name = TankeuTokoto-PC | Source = MCUpdate | ID = 0 Description = 09:28:46 - Fehler beim Herstellen der Internetverbindung. 09:28:46 - Serververbindung konnte nicht hergestellt werden.. Error - 15.06.2012 04:28:52 | Computer Name = TankeuTokoto-PC | Source = MCUpdate | ID = 0 Description = 10:28:52 - Fehler beim Herstellen der Internetverbindung. 10:28:52 - Serververbindung konnte nicht hergestellt werden.. Error - 15.06.2012 04:28:58 | Computer Name = TankeuTokoto-PC | Source = MCUpdate | ID = 0 Description = 10:28:57 - Fehler beim Herstellen der Internetverbindung. 10:28:57 - Serververbindung konnte nicht hergestellt werden.. Error - 15.06.2012 05:30:06 | Computer Name = TankeuTokoto-PC | Source = MCUpdate | ID = 0 Description = 11:30:06 - Fehler beim Herstellen der Internetverbindung. 11:30:06 - Serververbindung konnte nicht hergestellt werden.. Error - 15.06.2012 05:30:13 | Computer Name = TankeuTokoto-PC | Source = MCUpdate | ID = 0 Description = 11:30:11 - Fehler beim Herstellen der Internetverbindung. 11:30:11 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 30.07.2012 15:34:36 | Computer Name = TankeuTokoto-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 112 seconds with 60 seconds of active time. This session ended with a crash. 
Error - 12.02.2013 05:42:20 | Computer Name = TankeuTokoto-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 754 seconds with 660 seconds of active time. This session ended with a crash. [ System Events ] Error - 28.05.2013 03:37:27 | Computer Name = TankeuTokoto-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 28.05.2013 03:37:57 | Computer Name = TankeuTokoto-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 28.05.2013 08:12:55 | Computer Name = TankeuTokoto-PC | Source = DCOM | ID = 10016 Description = Error - 28.05.2013 08:12:55 | Computer Name = TankeuTokoto-PC | Source = DCOM | ID = 10016 Description = Error - 28.05.2013 09:02:23 | Computer Name = TankeuTokoto-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: vflt Error - 29.05.2013 05:16:43 | Computer Name = TankeuTokoto-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 29.05.2013 05:16:43 | Computer Name = TankeuTokoto-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: vflt Error - 06.06.2013 12:31:49 | Computer Name = TankeuTokoto-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?06.?06.?2013 um 15:45:54 unerwartet heruntergefahren. 
Error - 06.06.2013 12:32:29 | Computer Name = TankeuTokoto-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: vflt Error - 07.06.2013 01:43:41 | Computer Name = TankeuTokoto-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: vflt < End of report > |
12.06.2013, 17:25 | #5 |
/// Malware-holic | Multiple detections by Malwarebytes hi, please download TDSSKiller.exe and save this file to the desktop
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
12.06.2013, 18:02 | #6 |
| Multiple detections by Malwarebytes Hi, here is the file: Code:
ATTFilter 18:58:21.0728 6804 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 18:58:23.0755 6804 ============================================================ 18:58:23.0755 6804 Current date / time: 2013/06/12 18:58:23.0755 18:58:23.0755 6804 SystemInfo: 18:58:23.0755 6804 18:58:23.0755 6804 OS Version: 6.1.7601 ServicePack: 1.0 18:58:23.0755 6804 Product type: Workstation 18:58:23.0755 6804 ComputerName: TANKEUTOKOTO-PC 18:58:23.0755 6804 UserName: Tankeu Tokoto 18:58:23.0755 6804 Windows directory: C:\Windows 18:58:23.0755 6804 System windows directory: C:\Windows 18:58:23.0755 6804 Running under WOW64 18:58:23.0755 6804 Processor architecture: Intel x64 18:58:23.0755 6804 Number of processors: 2 18:58:23.0755 6804 Page size: 0x1000 18:58:23.0755 6804 Boot type: Normal boot 18:58:23.0755 6804 ============================================================ 18:58:24.0577 6804 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:58:24.0597 6804 Drive \Device\Harddisk1\DR6 - Size: 0x1E6C60000 (7.61 Gb), SectorSize: 0x200, Cylinders: 0x3E0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 18:58:24.0597 6804 ============================================================ 18:58:24.0597 6804 \Device\Harddisk0\DR0: 18:58:24.0597 6804 MBR partitions: 18:58:24.0597 6804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000 18:58:24.0597 6804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1DBE0830 18:58:24.0637 6804 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1F941800, BlocksNum 0x278C800 18:58:24.0647 6804 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x220CE800, BlocksNum 0x182B7000 18:58:24.0647 6804 \Device\Harddisk1\DR6: 18:58:24.0647 6804 MBR partitions: 18:58:24.0647 6804 \Device\Harddisk1\DR6\Partition1: MBR, Type 0xC, StartLBA 0x29B8, 
BlocksNum 0xF33948 18:58:24.0647 6804 ============================================================ 18:58:24.0697 6804 C: <-> \Device\Harddisk0\DR0\Partition2 18:58:24.0778 6804 E: <-> \Device\Harddisk0\DR0\Partition3 18:58:24.0799 6804 F: <-> \Device\Harddisk0\DR0\Partition4 18:58:24.0799 6804 ============================================================ 18:58:24.0799 6804 Initialize success 18:58:24.0799 6804 ============================================================ 18:59:14.0402 5556 ============================================================ 18:59:14.0402 5556 Scan started 18:59:14.0402 5556 Mode: Manual; SigCheck; TDLFS; 18:59:14.0402 5556 ============================================================ 18:59:14.0692 5556 ================ Scan system memory ======================== 18:59:14.0692 5556 System memory - ok 18:59:14.0692 5556 ================ Scan services ============================= 18:59:14.0872 5556 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:59:15.0102 5556 1394ohci - ok 18:59:15.0122 5556 [ C49C56B35BFC6CDA8D1FDCAD2885568F ] Acceler C:\Windows\system32\DRIVERS\Acceler.sys 18:59:15.0132 5556 Acceler - ok 18:59:15.0172 5556 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:59:15.0192 5556 ACPI - ok 18:59:15.0212 5556 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:59:15.0272 5556 AcpiPmi - ok 18:59:15.0362 5556 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 18:59:15.0382 5556 AdobeARMservice - ok 18:59:15.0442 5556 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 18:59:15.0492 5556 adp94xx - ok 18:59:15.0512 5556 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 18:59:15.0542 5556 adpahci - ok 18:59:15.0552 5556 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 
C:\Windows\system32\DRIVERS\adpu320.sys 18:59:15.0572 5556 adpu320 - ok 18:59:15.0602 5556 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:59:15.0682 5556 AeLookupSvc - ok 18:59:15.0722 5556 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:59:15.0802 5556 AFD - ok 18:59:15.0832 5556 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:59:15.0852 5556 agp440 - ok 18:59:15.0872 5556 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:59:15.0922 5556 ALG - ok 18:59:15.0942 5556 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:59:15.0972 5556 aliide - ok 18:59:16.0002 5556 [ 9A5495EDEBE7D6B3F7E9A86EBE5EA248 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 18:59:16.0042 5556 AMD External Events Utility - ok 18:59:16.0062 5556 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:59:16.0082 5556 amdide - ok 18:59:16.0102 5556 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 18:59:16.0142 5556 AmdK8 - ok 18:59:16.0162 5556 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 18:59:16.0202 5556 AmdPPM - ok 18:59:16.0232 5556 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:59:16.0262 5556 amdsata - ok 18:59:16.0282 5556 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 18:59:16.0322 5556 amdsbs - ok 18:59:16.0342 5556 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:59:16.0362 5556 amdxata - ok 18:59:16.0422 5556 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:59:16.0502 5556 AppID - ok 18:59:16.0542 5556 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:59:16.0642 5556 AppIDSvc - ok 18:59:16.0672 5556 [ 9D2A2369AB4B08A4905FE72DB104498F 
] Appinfo C:\Windows\System32\appinfo.dll 18:59:16.0702 5556 Appinfo - ok 18:59:16.0802 5556 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:59:16.0822 5556 Apple Mobile Device - ok 18:59:16.0863 5556 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 18:59:16.0893 5556 arc - ok 18:59:16.0913 5556 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 18:59:16.0943 5556 arcsas - ok 18:59:17.0053 5556 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 18:59:17.0083 5556 aspnet_state - ok 18:59:17.0113 5556 [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 18:59:17.0173 5556 aswFsBlk - ok 18:59:17.0213 5556 [ 36949EB7E71C5779C5163AF6AFB2A161 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys 18:59:17.0233 5556 aswKbd - ok 18:59:17.0263 5556 [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 18:59:17.0293 5556 aswMonFlt - ok 18:59:17.0363 5556 [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 18:59:17.0393 5556 aswRdr - ok 18:59:17.0423 5556 [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 18:59:17.0443 5556 aswRvrt - ok 18:59:17.0483 5556 [ 10ED1CAB84AA65983C41A11F60294C9B ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 18:59:17.0553 5556 aswSnx - ok 18:59:17.0563 5556 [ 00E5253353717D3CA12A0F5A6F9991EC ] aswSP C:\Windows\system32\drivers\aswSP.sys 18:59:17.0593 5556 aswSP - ok 18:59:17.0603 5556 [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 18:59:17.0623 5556 aswTdi - ok 18:59:17.0653 5556 [ 6359B99C955DB9F40B653159A0EED261 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 18:59:17.0673 5556 aswVmm - ok 18:59:17.0693 5556 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac 
C:\Windows\system32\DRIVERS\asyncmac.sys 18:59:17.0773 5556 AsyncMac - ok 18:59:17.0793 5556 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:59:17.0823 5556 atapi - ok 18:59:17.0973 5556 [ A08339AE90972E268B9622C668F450E8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 18:59:18.0145 5556 atikmdag - ok 18:59:18.0195 5556 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:59:18.0315 5556 AudioEndpointBuilder - ok 18:59:18.0345 5556 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:59:18.0411 5556 AudioSrv - ok 18:59:18.0477 5556 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 18:59:18.0497 5556 avast! Antivirus - ok 18:59:18.0567 5556 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:59:18.0627 5556 AxInstSV - ok 18:59:18.0677 5556 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 18:59:18.0737 5556 b06bdrv - ok 18:59:18.0767 5556 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:59:18.0827 5556 b57nd60a - ok 18:59:18.0877 5556 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys 18:59:18.0897 5556 BCM42RLY - ok 18:59:18.0979 5556 [ F4CD5F52850BF2C978DE178F256BA372 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 18:59:19.0099 5556 BCM43XX - ok 18:59:19.0149 5556 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:59:19.0199 5556 BDESVC - ok 18:59:19.0229 5556 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:59:19.0319 5556 Beep - ok 18:59:19.0379 5556 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 18:59:19.0479 5556 BFE - ok 18:59:19.0529 5556 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 18:59:19.0661 5556 BITS - ok 18:59:19.0683 5556 [ 
61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 18:59:19.0711 5556 blbdrive - ok 18:59:19.0751 5556 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:59:19.0771 5556 bowser - ok 18:59:19.0791 5556 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 18:59:19.0821 5556 BrFiltLo - ok 18:59:19.0841 5556 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 18:59:19.0861 5556 BrFiltUp - ok 18:59:19.0901 5556 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 18:59:19.0921 5556 Browser - ok 18:59:19.0941 5556 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:59:19.0981 5556 Brserid - ok 18:59:20.0011 5556 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:59:20.0061 5556 BrSerWdm - ok 18:59:20.0081 5556 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:59:20.0131 5556 BrUsbMdm - ok 18:59:20.0151 5556 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:59:20.0181 5556 BrUsbSer - ok 18:59:20.0201 5556 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 18:59:20.0251 5556 BTHMODEM - ok 18:59:20.0291 5556 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:59:20.0381 5556 bthserv - ok 18:59:20.0401 5556 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:59:20.0461 5556 cdfs - ok 18:59:20.0501 5556 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:59:20.0531 5556 cdrom - ok 18:59:20.0581 5556 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:59:20.0651 5556 CertPropSvc - ok 18:59:20.0691 5556 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 18:59:20.0721 5556 
circlass - ok 18:59:20.0751 5556 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:59:20.0781 5556 CLFS - ok 18:59:20.0831 5556 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:59:20.0851 5556 clr_optimization_v2.0.50727_32 - ok 18:59:20.0881 5556 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:59:20.0911 5556 clr_optimization_v2.0.50727_64 - ok 18:59:20.0981 5556 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:59:21.0011 5556 clr_optimization_v4.0.30319_32 - ok 18:59:21.0031 5556 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:59:21.0061 5556 clr_optimization_v4.0.30319_64 - ok 18:59:21.0071 5556 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 18:59:21.0101 5556 CmBatt - ok 18:59:21.0141 5556 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:59:21.0151 5556 cmdide - ok 18:59:21.0201 5556 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 18:59:21.0261 5556 CNG - ok 18:59:21.0301 5556 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 18:59:21.0331 5556 Compbatt - ok 18:59:21.0341 5556 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 18:59:21.0391 5556 CompositeBus - ok 18:59:21.0401 5556 COMSysApp - ok 18:59:21.0431 5556 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 18:59:21.0461 5556 crcdisk - ok 18:59:21.0491 5556 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:59:21.0541 5556 CryptSvc - ok 18:59:21.0581 5556 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt 
C:\Windows\system32\DRIVERS\CtClsFlt.sys 18:59:21.0621 5556 CtClsFlt - ok 18:59:21.0671 5556 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:59:21.0771 5556 DcomLaunch - ok 18:59:21.0853 5556 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:59:22.0853 5556 defragsvc - ok 18:59:22.0904 5556 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:59:22.0964 5556 DfsC - ok 18:59:23.0004 5556 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:59:23.0104 5556 Dhcp - ok 18:59:23.0134 5556 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:59:23.0204 5556 discache - ok 18:59:23.0234 5556 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 18:59:23.0254 5556 Disk - ok 18:59:23.0284 5556 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:59:23.0324 5556 Dnscache - ok 18:59:23.0404 5556 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe 18:59:23.0424 5556 DockLoginService ( UnsignedFile.Multi.Generic ) - warning 18:59:23.0424 5556 DockLoginService - detected UnsignedFile.Multi.Generic (1) 18:59:23.0454 5556 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:59:23.0544 5556 dot3svc - ok 18:59:23.0574 5556 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:59:23.0634 5556 DPS - ok 18:59:23.0664 5556 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:59:23.0684 5556 drmkaud - ok 18:59:23.0744 5556 dump_wmimmc - ok 18:59:23.0794 5556 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:59:23.0864 5556 DXGKrnl - ok 18:59:23.0894 5556 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:59:23.0984 5556 EapHost - ok 18:59:24.0084 5556 [ DC5D737F51BE844D8C82C695EB17372F ] 
ebdrv C:\Windows\system32\DRIVERS\evbda.sys 18:59:24.0224 5556 ebdrv - ok 18:59:24.0254 5556 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:59:24.0294 5556 EFS - ok 18:59:24.0364 5556 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:59:24.0444 5556 ehRecvr - ok 18:59:24.0474 5556 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:59:24.0524 5556 ehSched - ok 18:59:24.0594 5556 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 18:59:24.0624 5556 ElbyCDIO - ok 18:59:24.0704 5556 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 18:59:24.0764 5556 elxstor - ok 18:59:24.0794 5556 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:59:24.0844 5556 ErrDev - ok 18:59:24.0894 5556 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:59:25.0004 5556 EventSystem - ok 18:59:25.0034 5556 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:59:25.0114 5556 exfat - ok 18:59:25.0144 5556 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:59:25.0224 5556 fastfat - ok 18:59:25.0274 5556 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:59:25.0354 5556 Fax - ok 18:59:25.0384 5556 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 18:59:25.0434 5556 fdc - ok 18:59:25.0474 5556 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:59:25.0564 5556 fdPHost - ok 18:59:25.0584 5556 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:59:25.0684 5556 FDResPub - ok 18:59:25.0704 5556 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:59:25.0734 5556 FileInfo - ok 18:59:25.0744 5556 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 
18:59:25.0834 5556 Filetrace - ok 18:59:25.0945 5556 [ 9E084AA2E8061F7618495B67BD22FAFE ] Flexlm Service 1 C:\SIMULIA\License\lmgrd.exe 18:59:26.0025 5556 Flexlm Service 1 - ok 18:59:26.0035 5556 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 18:59:26.0065 5556 flpydisk - ok 18:59:26.0095 5556 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:59:26.0115 5556 FltMgr - ok 18:59:26.0175 5556 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 18:59:26.0245 5556 FontCache - ok 18:59:26.0285 5556 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:59:26.0315 5556 FontCache3.0.0.0 - ok 18:59:26.0345 5556 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:59:26.0375 5556 FsDepends - ok 18:59:26.0405 5556 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:59:26.0435 5556 Fs_Rec - ok 18:59:26.0465 5556 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:59:26.0505 5556 fvevol - ok 18:59:26.0515 5556 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 18:59:26.0535 5556 gagp30kx - ok 18:59:26.0605 5556 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 18:59:26.0625 5556 GamesAppService - ok 18:59:26.0665 5556 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:59:26.0695 5556 GEARAspiWDM - ok 18:59:26.0745 5556 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 18:59:26.0855 5556 gpsvc - ok 18:59:26.0925 5556 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:59:26.0955 5556 gupdate - ok 18:59:26.0965 5556 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe 18:59:26.0985 5556 gupdatem - ok 18:59:27.0025 5556 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 18:59:27.0055 5556 gusvc - ok 18:59:27.0075 5556 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:59:27.0125 5556 hcw85cir - ok 18:59:27.0155 5556 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:59:27.0205 5556 HdAudAddService - ok 18:59:27.0235 5556 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 18:59:27.0275 5556 HDAudBus - ok 18:59:27.0295 5556 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 18:59:27.0345 5556 HidBatt - ok 18:59:27.0365 5556 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 18:59:27.0415 5556 HidBth - ok 18:59:27.0445 5556 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 18:59:27.0485 5556 HidIr - ok 18:59:27.0525 5556 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 18:59:27.0605 5556 hidserv - ok 18:59:27.0645 5556 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:59:27.0675 5556 HidUsb - ok 18:59:27.0715 5556 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:59:27.0805 5556 hkmsvc - ok 18:59:27.0835 5556 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:59:27.0885 5556 HomeGroupListener - ok 18:59:27.0925 5556 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:59:27.0975 5556 HomeGroupProvider - ok 18:59:28.0005 5556 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:59:28.0035 5556 HpSAMD - ok 18:59:28.0095 5556 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:59:28.0205 5556 
C:\Windows\system32\drivers\wimmount.sys 18:59:52.0667 5556 WIMMount - ok 18:59:52.0677 5556 WinDefend - ok 18:59:52.0687 5556 WinHttpAutoProxySvc - ok 18:59:52.0737 5556 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:59:52.0787 5556 Winmgmt - ok 18:59:52.0857 5556 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:59:53.0007 5556 WinRM - ok 18:59:53.0047 5556 [ FE88B288356E7B47B74B13372ADD906D ] WINUSB C:\Windows\system32\DRIVERS\WinUSB.SYS 18:59:53.0097 5556 WINUSB - ok 18:59:53.0147 5556 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:59:53.0237 5556 Wlansvc - ok 18:59:53.0367 5556 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:59:53.0497 5556 wlidsvc - ok 18:59:53.0537 5556 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE 18:59:53.0557 5556 wltrysvc ( UnsignedFile.Multi.Generic ) - warning 18:59:53.0557 5556 wltrysvc - detected UnsignedFile.Multi.Generic (1) 18:59:53.0587 5556 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:59:53.0617 5556 WmiAcpi - ok 18:59:53.0647 5556 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:59:53.0707 5556 wmiApSrv - ok 18:59:53.0727 5556 WMPNetworkSvc - ok 18:59:53.0737 5556 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:59:53.0777 5556 WPCSvc - ok 18:59:53.0807 5556 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:59:53.0837 5556 WPDBusEnum - ok 18:59:53.0857 5556 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:59:53.0917 5556 ws2ifsl - ok 18:59:53.0947 5556 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 18:59:53.0997 5556 wscsvc - ok 18:59:54.0007 5556 WSearch - ok 18:59:54.0089 5556 [ 
D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:59:54.0209 5556 wuauserv - ok 18:59:54.0249 5556 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:59:54.0339 5556 WudfPf - ok 18:59:54.0369 5556 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:59:54.0459 5556 WUDFRd - ok 18:59:54.0489 5556 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:59:54.0579 5556 wudfsvc - ok 18:59:54.0609 5556 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:59:54.0669 5556 WwanSvc - ok 18:59:54.0719 5556 ================ Scan global =============================== 18:59:54.0749 5556 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:59:54.0779 5556 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:59:54.0809 5556 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:59:54.0839 5556 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:59:54.0869 5556 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:59:54.0889 5556 [Global] - ok 18:59:54.0889 5556 ================ Scan MBR ================================== 18:59:54.0909 5556 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 18:59:55.0400 5556 \Device\Harddisk0\DR0 - ok 18:59:55.0420 5556 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR6 18:59:58.0300 5556 \Device\Harddisk1\DR6 - ok 18:59:58.0310 5556 ================ Scan VBR ================================== 18:59:58.0310 5556 [ 99187E142120C4F5E4110DA2CC8792AA ] \Device\Harddisk0\DR0\Partition1 18:59:58.0320 5556 \Device\Harddisk0\DR0\Partition1 - ok 18:59:58.0340 5556 [ BFA55B382B5101EA9405387DCD7CD00E ] \Device\Harddisk0\DR0\Partition2 18:59:58.0340 5556 \Device\Harddisk0\DR0\Partition2 - ok 18:59:58.0360 5556 [ 78FA9E5364539C4866B755C19B19FC32 ] \Device\Harddisk0\DR0\Partition3 18:59:58.0370 5556 
\Device\Harddisk0\DR0\Partition3 - ok 18:59:58.0400 5556 [ 4E389FC7B86B56DD2AFBB04C31449C75 ] \Device\Harddisk0\DR0\Partition4 18:59:58.0400 5556 \Device\Harddisk0\DR0\Partition4 - ok 18:59:58.0410 5556 [ 49353CB5A36E986D5CB8AF35CDED1BA6 ] \Device\Harddisk1\DR6\Partition1 18:59:58.0410 5556 \Device\Harddisk1\DR6\Partition1 - ok 18:59:58.0410 5556 ============================================================ 18:59:58.0410 5556 Scan finished 18:59:58.0410 5556 ============================================================ 18:59:58.0430 7048 Detected object count: 7 18:59:58.0430 7048 Actual detected object count: 7 19:00:09.0181 7048 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user 19:00:09.0181 7048 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:00:09.0181 7048 hwdatacard ( UnsignedFile.Multi.Generic ) - skipped by user 19:00:09.0181 7048 hwdatacard ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:00:09.0181 7048 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 19:00:09.0181 7048 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:00:09.0191 7048 seehcri ( UnsignedFile.Multi.Generic ) - skipped by user 19:00:09.0191 7048 seehcri ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:00:09.0191 7048 vflt ( UnsignedFile.Multi.Generic ) - skipped by user 19:00:09.0191 7048 vflt ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:00:09.0201 7048 vnet ( UnsignedFile.Multi.Generic ) - skipped by user 19:00:09.0201 7048 vnet ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:00:09.0201 7048 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user 19:00:09.0201 7048 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip |
12.06.2013, 18:24 | #7 |
/// Malware-holic | Multiple detections by Malwarebytes Hi, scan with Combofix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
12.06.2013, 21:45 | #8 |
| Multiple detections by Malwarebytes Here is the result: Code:
ATTFilter ComboFix 13-06-08.02 - Tankeu Tokoto 12.06.2013 22:24:21.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4091.1575 [GMT 2:00] ausgeführt von:: c:\users\Tankeu Tokoto\Desktop\ComboFix.exe AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 )))))))))))))))))))))))))))))) . . 2013-06-12 20:39 . 2013-06-12 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-12 10:50 . 2013-06-12 10:50 -------- d-----w- c:\program files (x86)\7-Zip 2013-06-12 07:05 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-12 01:41 . 2013-06-12 01:41 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FC0D660-02A5-4332-A74A-5A0C98BF01B5}\offreg.dll 2013-06-11 06:21 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FC0D660-02A5-4332-A74A-5A0C98BF01B5}\mpengine.dll 2013-06-08 20:27 . 2013-06-08 20:27 545200 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-06-08 20:27 . 2013-06-08 20:27 526768 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-08 20:27 . 2013-06-08 20:27 196528 ----a-w- c:\windows\system32\javaws.exe 2013-06-08 20:27 . 2013-06-08 20:27 172976 ----a-w- c:\windows\system32\javaw.exe 2013-06-08 20:27 . 2013-06-08 20:27 172976 ----a-w- c:\windows\system32\java.exe 2013-06-08 20:27 . 2013-06-08 20:27 -------- d-----w- c:\program files\Java 2013-05-18 10:46 . 2013-05-18 10:46 -------- d-----w- C:\Intel 2013-05-17 14:09 . 
2013-05-06 13:39 9060352 ----a-w- c:\windows\system32\mshtml.dll 2013-05-17 14:09 . 2013-02-28 12:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-17 14:09 . 2013-02-28 11:38 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-17 14:09 . 2013-04-10 05:46 12294656 ----a-w- c:\windows\system32\ieframe.dll 2013-05-17 14:09 . 2013-04-10 05:46 2458112 ----a-w- c:\windows\system32\iertutil.dll 2013-05-17 10:47 . 2013-05-17 11:40 -------- d-----w- c:\users\Tankeu Tokoto\AppData\Roaming\PerformerSoft 2013-05-17 10:47 . 2013-05-17 10:47 -------- d-----w- c:\programdata\IBUpdaterService 2013-05-17 10:47 . 2012-12-19 13:53 19632 ----a-w- c:\windows\system32\roboot64.exe 2013-05-15 14:19 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 14:19 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 14:19 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-15 14:19 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-15 14:19 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-15 14:19 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-15 14:19 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-15 14:19 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-15 14:19 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 14:19 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-08 20:21 . 2013-01-16 12:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-08 20:21 . 2013-01-16 12:17 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-17 12:28 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-16 01:18 . 
2010-01-02 17:26 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-09 08:59 . 2013-03-19 20:07 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-05-09 08:59 . 2013-03-19 20:07 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-05-09 08:59 . 2012-04-25 07:42 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-05-09 08:59 . 2011-05-24 08:51 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-05-09 08:59 . 2011-05-24 08:51 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-05-09 08:59 . 2011-05-24 08:51 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-05-09 08:59 . 2011-05-24 08:51 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-05-09 08:59 . 2011-05-24 08:51 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-05-09 08:58 . 2011-05-24 08:50 41664 ----a-w- c:\windows\avastSS.scr 2013-05-09 08:58 . 2011-05-24 08:51 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-02 00:06 . 2010-08-26 10:36 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-12 14:45 . 2013-04-23 19:02 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-08 08:46 . 2012-06-25 08:58 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-04-08 08:46 . 2010-04-20 16:13 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-04 03:35 . 2013-04-28 16:05 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr 2013-03-29 16:05 . 2013-03-29 16:05 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-03-29 16:05 . 2013-03-29 16:05 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-03-29 16:05 . 
2013-03-29 16:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-03-29 16:05 . 2013-03-29 16:05 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-03-29 16:05 . 2013-03-29 16:05 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-03-29 16:05 . 2013-03-29 16:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-03-29 16:05 . 2013-03-29 16:05 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-03-29 16:05 . 2013-03-29 16:05 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-03-29 16:05 . 2013-03-29 16:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-03-29 16:05 . 2013-03-29 16:05 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-03-29 16:05 . 2013-03-29 16:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-03-29 16:05 . 
2013-03-29 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-03-29 16:05 . 2013-03-29 16:05 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-03-29 16:05 . 2013-03-29 16:05 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-03-29 16:05 . 2013-03-29 16:05 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-03-29 16:05 . 2013-03-29 16:05 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-03-29 16:05 . 2013-03-29 16:05 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-03-29 16:05 . 2013-03-29 16:05 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-03-29 16:05 . 2013-03-29 16:05 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-03-29 16:05 . 2013-03-29 16:05 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-03-29 16:05 . 2013-03-29 16:05 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-03-29 16:05 . 2013-03-29 16:05 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-03-29 16:05 . 2013-03-29 16:05 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-03-29 16:05 . 2013-03-29 16:05 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-03-29 16:05 . 2013-03-29 16:05 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-03-29 16:05 . 2013-03-29 16:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-03-29 16:05 . 2013-03-29 16:05 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-03-29 16:05 . 2013-03-29 16:05 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-03-29 16:05 . 2013-03-29 16:05 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-03-29 16:05 . 2013-03-29 16:05 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-03-29 16:05 . 
2013-03-29 16:05 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-03-29 16:05 . 2013-03-29 16:05 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-03-29 16:05 . 2013-03-29 16:05 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-03-29 16:05 . 2013-03-29 16:05 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-03-29 16:05 . 2013-03-29 16:05 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-03-29 16:05 . 2013-03-29 16:05 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-03-29 16:05 . 2013-03-29 16:05 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-03-29 16:05 . 2013-03-29 16:05 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-03-19 06:04 . 2013-04-10 00:09 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 00:08 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 00:08 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 00:09 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 00:08 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 00:08 112640 ----a-w- c:\windows\system32\smss.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2012-12-06 14:35 1308504 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-12-06 1308504] . 
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-07 559616] " Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" . R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Gameforge4D\CABAL Online\GameGuard\dump_wmimmc.sys;c:\program files (x86)\Gameforge4D\CABAL Online\GameGuard\dump_wmimmc.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 ncplelhp;NCP Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys;c:\windows\SYSNATIVE\DRIVERS\ncplelhp.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 npggsvc;nProtect GameGuard 
Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0016bus.sys [x] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdfl.sys [x] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdm.sys [x] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mgmt.sys [x] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0016nd5.sys [x] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0016obex.sys [x] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0016unic.sys [x] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 aswKbd;aswKbd; [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 aswSnx;aswSnx; [x] S1 
aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x] S2 Flexlm Service 1;Flexlm Service 1;c:\simulia\License\lmgrd.exe;c:\simulia\License\lmgrd.exe [x] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x] S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x] S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdgx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 44334622 *Deregistered* - 44334622 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-06 23:29 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24 19:13] . 2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24 19:13] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=B2C60CEEE6946449 uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194 DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab FF - ProfilePath - c:\users\Tankeu Tokoto\AppData\Roaming\Mozilla\Firefox\Profiles\euqplq9m.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&CUI=SB_CUI&q= FF - ExtSQL: 2013-04-17 15:50; hdvc@hdvc.com; c:\users\Tankeu Tokoto\AppData\Roaming\Mozilla\Firefox\Profiles\euqplq9m.default\extensions\hdvc@hdvc.com.xpi FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: network.http.max-connections - 96 FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-proxy - 24 FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b2c650db0000000000000ceee6946449&q= FF - user.js: extensions.BabylonToolbar.id - b2c650db0000000000000ceee6946449 FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15666 FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9 FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.911:51 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: 
extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar_i.excTlbr - false FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110193&tt=201112_1849_4712_1 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar.autoRvrt - false FF - user.js: extensions.BabylonToolbar.rvrt - false FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.holasearch.tlbrSrchUrl - FF - user.js: extensions.holasearch.id - b2c650db0000000000000ceee6946449 FF - user.js: extensions.holasearch.appId - {8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B} FF - user.js: extensions.holasearch.instlDay - 15842 FF - user.js: extensions.holasearch.vrsn - 1.8.16.16 FF - user.js: extensions.holasearch.vrsni - 1.8.16.16 FF - user.js: extensions.holasearch.vrsnTs - 1.8.16.1613:38 FF - user.js: extensions.holasearch.prtnrId - holasearch FF - user.js: extensions.holasearch.prdct - holasearch FF - user.js: extensions.holasearch.aflt - babsst FF - user.js: extensions.holasearch.smplGrp - none FF - user.js: extensions.holasearch.tlbrId - base FF - user.js: extensions.holasearch.instlRef - sst FF - user.js: extensions.holasearch.dfltLng - en FF - user.js: extensions.holasearch.excTlbr - false FF - user.js: extensions.holasearch.ffxUnstlRst - false FF - user.js: extensions.holasearch.admin - false FF - user.js: extensions.holasearch.autoRvrt - false FF - user.js: extensions.holasearch.rvrt - false FF - user.js: extensions.holasearch.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file) Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-12 22:43:08 ComboFix-quarantined-files.txt 2013-06-12 20:43 . Vor Suchlauf: 15 Verzeichnis(se), 90.358.685.696 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 91.210.289.152 Bytes frei . - - End Of File - - BDE564ACB2641DF4E6963EBE5B300318 D41D8CD98F00B204E9800998ECF8427E |
12.06.2013, 21:47 | #9 |
/// Malware-holic | Multiple detections by Malwarebytes Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file. After each program you need, write "notwendig" (needed). After each program you do not need, "unnötig" (not needed). After each one you do not know, "unbekannt" (unknown). Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
12.06.2013, 22:28 | #10 |
| Multiple detections by Malwarebytes hi, here is the list Code:
ATTFilter 7-Zip 9.20 12.06.2013 notwendig Abaqus 6.10-1 Dassault Systemes Simulia Corp. 01.10.2011 6.9.0.0 notwendig Abaqus FLEXnet License Server Dassault Systemes Simulia Corp. 01.10.2011 6.9.0.0 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.06.2013 6,00MB 11.7.700.202 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.06.2013 6,00MB 11.7.700.202 notwendig Adobe Reader XI (11.0.03) - Deutsch Adobe Systems Incorporated 19.05.2013 134MB 11.0.03 notwendig Apple Application Support Apple Inc. 01.07.2012 61,0MB 2.1.9 unnötig Apple Mobile Device Support Apple Inc. 01.07.2012 24,9MB 5.2.0.6 unnötig Apple Software Update Apple Inc. 05.11.2011 2,38MB 2.1.3.127 unnötig ATI Catalyst Control Center 10.12.2009 2.009.0625.1811 notwendig avast! Free Antivirus AVAST Software 29.05.2013 8.0.1489.0 notwendig Canon IJ Network Scan Utility 10.01.2010 notwendig Canon Inkjet Printer Driver Add-On Module 19.05.2010 notwendig Canon MP Navigator EX 1.0 10.01.2010 notwendig Canon MX700 series 10.01.2010 notwendig Canon My Printer 10.01.2010 notwendig Canon Utilities Easy-PhotoPrint EX 10.01.2010 notwendig Canon Utilities Solution Menu 10.01.2010 notwendig CCleaner Piriform 24.05.2013 4.02 notwendig Cisco EAP-FAST Module Cisco Systems, Inc. 10.12.2009 1,55MB 2.2.14 unnötig Cisco LEAP Module Cisco Systems, Inc. 10.12.2009 644KB 1.0.19 unnötig Cisco PEAP Module Cisco Systems, Inc. 10.12.2009 1,23MB 1.1.6 unnötig Compatibility Pack für 2007 Office System Microsoft Corporation 09.01.2013 367MB 12.0.6612.1000 unnötig Dell DataSafe Local Backup Dell 10.12.2009 9.4.60 unnötig Dell DataSafe Local Backup - Support Software Dell 10.12.2009 9.4.60 unnötig Dell DataSafe Online Dell, Inc. 30.04.2010 8,33MB 1.2.0011 unnötig Dell Dock Dell 10.12.2009 2.0.0 unnötig Dell Getting Started Guide Dell Inc. 
10.12.2009 1.00.0000 unnötig Dell Support Center (Support Software) Dell 10.12.2009 2.5.09100 unnötig Dell Webcam Central Creative Technology Ltd 10.12.2009 1.40.05 unnötig Dell Wireless WLAN Card Utility Dell Inc. 10.12.2009 5.30.21.0 unnötig DHTML Editing Component Microsoft Corporation 27.10.2010 554KB 6.02.0001 unnötig DivX Plus DirectShow Filters DivX, Inc. 26.08.2010 unnötig DivX-Setup DivX, LLC 17.03.2013 2.6.1.24 unnötig FileCards privat 12.12.2010 972KB 1.0.0 unbekannt Flatcast Viewer Plugin 5.2.2.454 1 mal 1 Software GmbH 11.12.2011 unbekannt GIMP 2.6.12 The GIMP Team 14.03.2012 114MB 2.6.12 notwendig Google Chrome Google Inc. 24.04.2013 27.0.1453.110 unnötig iCloud Apple Inc. 28.05.2012 33,2MB 1.1.0.40 unnötig Intel® Matrix Storage Manager Intel Corporation 10.12.2009 notwendig iTunes Apple Inc. 01.07.2012 182MB 10.6.3.25 unnötig Java 7 Update 21 Oracle 08.04.2013 129MB 7.0.210 notwendig Java(TM) 6 Update 33 Oracle 25.06.2012 95,6MB 6.0.330 notwendig Java(TM) 6 Update 45 (64-bit) Oracle 08.06.2013 92,3MB 6.0.450 notwendig Live! 
Cam Avatar Creator Creative Technology Ltd 10.12.2009 4.6.3009.1 unnötig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 12.06.2013 19,2MB 1.75.0.1300 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 31.01.2012 38,8MB 4.0.30319 notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 12.03.2012 2,93MB 4.0.30319 notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 31.01.2012 51,9MB 4.0.30319 notwendig Microsoft HPC MPI Redistributable Pack Microsoft Corporation 01.10.2011 7,24MB 2.1.1765.0 notwendig Microsoft Office Enterprise 2007 Microsoft Corporation 31.01.2012 12.0.6612.1000 notwendig Microsoft Office File Validation Add-In Microsoft Corporation 14.09.2011 7,95MB 14.0.5130.5003 notwendig Microsoft Office Live Add-in 1.5 Microsoft Corporation 18.04.2012 508KB 2.0.4024.1 notwendig Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 09.01.2013 105MB 12.0.6612.1000 notwendig Microsoft Silverlight Microsoft Corporation 13.03.2013 149MB 5.1.20125.0 notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10.12.2009 1,72MB 3.1.0000 notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 09.01.2010 260KB 8.0.50727.4053 notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 09.01.2010 252KB 8.0.50727.4053 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 8.0.58299 notwendig Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 10.12.2009 708KB 8.0.61000 notwendig Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 01.05.2011 580KB 8.0.51011 Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 07.10.2011 2,64MB 8.0.51011 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 09.01.2010 212KB 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 01.05.2011 790KB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 26.05.2011 598KB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 12.10.2010 1,70MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 10.12.2009 788KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 01.10.2011 238KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.06.2011 788KB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 21.09.2011 244KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 24.05.2011 590KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 28.11.2011 11,0MB 10.0.30319 Microsoft Works Microsoft Corporation 09.10.2012 0,97GB 9.7.0621 unnötig Mozilla Firefox 21.0 (x86 de) Mozilla 28.05.2013 47,6MB 21.0 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.01.2010 1,27MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 13.01.2010 1,33MB 4.20.9876.0 unbekannt MySQL Connector/ODBC 5.1 MySQL AB 07.01.2011 7,09MB 5.1.5 unbekannt Nonoh Finarea S.A. Switzerland 03.01.2010 10,6MB 4.04 build 554 notwendig PC Connectivity Solution Nokia 05.11.2011 20,8MB 11.5.13.0 unnötig PDF Architect pdfforge 19.02.2013 91,1MB 1.0.52.8917 notwendig Picasa 3 Google, Inc. 18.04.2013 3.9 notwendig Power Tab Editor 1.7 11.10.2011 unbekannt PowerDVD DX CyberLink Corp. 10.12.2009 8.3.5424 unnötig Presto! 
PageManager 7.15.16 NewSoft Technology Corporation 10.01.2010 7.15.16 unnötig Quickset64 Dell Inc. 10.12.2009 9.6.6 unnötig Roxio Burn Roxio 10.12.2009 35,1MB 1.0 notwendig Safari Apple Inc. 01.07.2012 104MB 5.34.57.2 unnotig ScanSoft OmniPage SE 4 Nuance Communications, Inc. 10.01.2010 167MB 15.2.0020 unnöitig SweetIM Bundle by SweetPacks SweetPacks LTD 16.01.2013 1.0.0.0 unbekannt Synaptics Pointing Device Driver Synaptics Incorporated 10.12.2009 13.2.2.2 unbekannt TuneUp Utilities 2013 TuneUp Software 19.02.2013 13.0.3020.2 unnötig VirtualCloneDrive Elaborate Bytes 31.01.2012 unnötig VLC media player 2.0.2 VideoLAN 21.07.2012 2.0.2 notwendig WildTangent Games App (Dell Games) WildTangent 18.06.2011 4.0.5.14 unnötig WildTangent-Spiele WildTangent 10.12.2009 1.0.0.71 unnötig Windows Live Essentials Microsoft Corporation 26.06.2012 15.4.3555.0308 unnötig Windows Live Sync Microsoft Corporation 11.12.2010 2,79MB 14.0.8117.416 unnötig Windows Media Player Firefox Plugin Microsoft Corp 28.04.2010 296KB 1.0.0.8 unnötig Windows Mobile-Gerätecenter Microsoft Corporation 17.10.2011 27,4MB 6.1.6965.0 unnötig Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 05.11.2011 08/22/2008 7.0.0.0 unnötig WinRAR 12.07.2010 notwendig WinRAR 12.07.2010 notwendig World of Warcraft Blizzard Entertainment 18.12.2012 4.0.0.12911 notwendig |
13.06.2013, 11:34 | #11 |
/// Malware-holic | Multiple detections by Malwarebytes
Uninstall: Adobe Flash Player, all of them. Adobe - Install Adobe Flash Player: download the newest version and install it.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Security (Enhanced): tick Enhanced Security and select all files.
Internet: everything here should be disabled. It is very unsafe to open PDFs automatically, download them automatically, etc. It is always better to save them directly, because only then do you have control over what is happening on the PC.
JavaScript: remove the tick at "use JavaScript".
Updater: choose install automatically.
Apply / OK.
Uninstall:
Cisco: all
Dell: all, unless you use Wi-Fi, then not that one
DivX: both
iCloud
iTunes
Java(TM): all
Live
PC Connectivity
PowerDVD
Presto
Quickset64
Safari
ScanSoft
SweetIM
TuneUp
VirtualCloneDrive
WildTangent: both
Windows Live: both
Open CCleaner, Analyze, Run Cleaner, restart the PC.
Please download AdwCleaner to your desktop.
13.06.2013, 11:46 | #12 |
| Multiple detections by Malwarebytes Hello markus, since I now have total problems with my other laptop after uninstalling the programs and running AdwCleaner, I would like to stop the further procedure on this laptop for now, because I am afraid the same thing will happen here, and I need at least one working laptop to be able to work (I am right in the middle of my final thesis!). So let's stop here for now, and I will wait until the other laptop has been put back in order before I continue with this one. I hope that is okay! |
13.06.2013, 11:50 | #13 |
/// Malware-holic | Multiple detections by Malwarebytes I don't understand. We are only working on one device, so why should you stop the procedure so that there are no problems on the other device? What problems are there anyway?
13.06.2013, 11:53 | #14 |
| Multiple detections by Malwarebytes okay, that is the other thread that you are also handling. I have 2 laptops: one is this one, and the other is the one you are handling under the title: "zuerst keine webseite mehr geladen, dann probleme mit Avast....." (at first no website would load any more, then problems with Avast.....). It has been causing nothing but problems since this morning. But you can read that in the other thread, before this leads to total confusion |