Log analysis and evaluation: TR/Kazy.795 - Downloads are no longer possible

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.06.2013, 18:12 | #1 |
TR/Kazy.795 - Downloads are no longer possible

Hello,

first of all I would like to tell you that I think it is great that you offer help with virus problems through this forum. So far I have neither had much forum experience nor have I ever had a virus, so I am entering new territory in a double sense. I therefore hope that you can help me, and I thank you very much in advance.

Avira reported the following detection, which I moved to quarantine: TR/Kazy.795

The next day the first problem appeared: downloads were no longer possible (neither from webmail nor from the browser).

I carried out the steps in the guide. I had to run the GMER scan twice, because the first time everything was aborted with the "blue" error screen. I then restarted Windows. Should I have carried out step 1 (defogger) again after that?

Here are the logs:

OTL:
OTL logfile created on: 12.06.2013 14:43:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Richard\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,93 Gb Total Physical Memory | 0,59 Gb Available Physical Memory | 30,77% Memory free
3,86 Gb Paging File | 2,09 Gb Available in Paging File | 54,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 2,50 Gb Free Space | 5,13% Space Free | Partition Type: NTFS
Drive D: | 184,06 Gb Total Space | 6,84 Gb Free Space | 3,72% Space Free | Partition Type: NTFS
Drive Z: | 2,00 Gb Total Space | 0,05 Gb Free Space | 2,46% Space Free | Partition Type: FAT32
Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.12 14:37:04 | 000,050,477 | ---- | M] () -- C:\Users\Richard\Desktop\Defogger.exe PRC - [2013.06.12 14:05:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe PRC - [2013.06.03 18:58:12 | 000,064,008 | ---- | M] (Google) -- C:\Users\Richard\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe PRC - [2013.05.29 07:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Richard\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.07 10:20:30 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.23 09:48:17 | 010,244,448 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer.exe PRC - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013.04.23 09:40:59 | 000,193,888 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\tv_w32.exe PRC - [2013.03.28 12:29:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.28 12:29:06 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.28 12:29:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) 
-- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe PRC - [2012.05.29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.10.12 00:13:12 | 003,975,088 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.07.31 15:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2011.06.29 16:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.20 13:04:14 | 000,370,688 | -H-- | M] (SanDisk Corporation) -- C:\Programme\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.09.08 05:16:54 | 000,154,312 | ---- | M] (Zecter Inc.) 
-- C:\Programme\Zecter\ZumoDrive\zumodrive.exe PRC - [2010.08.21 11:55:32 | 000,391,296 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2010.08.21 11:55:28 | 000,780,504 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2010.08.21 11:54:46 | 005,493,736 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2010.08.20 17:00:22 | 002,570,688 | ---- | M] (Acronis) -- C:\Programme\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe PRC - [2009.09.22 20:42:16 | 002,453,504 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2009.06.22 15:21:58 | 000,304,592 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Programme\PrintKey2000\Printkey2000.exe ========== Modules (No Company Name) ========== MOD - [2013.06.12 14:37:04 | 000,050,477 | ---- | M] () -- C:\Users\Richard\Desktop\Defogger.exe MOD - [2013.06.12 14:13:05 | 000,295,424 | ---- | M] () -- C:\Users\Richard\AppData\Local\Temp\WindowsFolderWatcher.dll1354219197849016131.lib MOD - [2013.06.12 14:12:35 | 000,389,632 | ---- | M] () -- C:\Users\Richard\AppData\Local\Temp\WindowsZFSJNI.dll1331569038997267936.lib MOD - [2013.06.12 14:12:33 | 000,379,904 | ---- | M] () -- C:\Users\Richard\AppData\Local\Temp\libsqlitejdbc-555837357366778175.lib MOD - [2013.06.12 14:12:01 | 000,199,168 | ---- | M] () -- C:\Users\Richard\AppData\Local\Temp\WindowsAPI.dll7196461024918885117.lib MOD - [2013.05.29 
07:27:38 | 000,393,168 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll MOD - [2013.05.29 07:27:37 | 013,136,336 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libglesv2.dll MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libegl.dll MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll MOD - [2013.05.15 23:57:14 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll MOD - [2013.05.15 23:56:50 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.01.10 10:13:06 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.10 10:12:48 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.10 10:12:35 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.10 10:12:21 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- 
C:\Users\Richard\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012.06.18 17:24:30 | 000,260,096 | ---- | M] () -- D:\Notepad++\NppShell_05.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server) SRV - [2013.05.14 21:21:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.03.28 12:29:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.28 12:29:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.26 15:49:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.06 14:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2012.03.10 02:23:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.10.12 00:13:12 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.06.29 16:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) 
[Auto | Running] -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Professional_Datenbank) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.08.21 11:55:28 | 000,780,504 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.06.22 15:21:58 | 000,304,592 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService) SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - [2013.03.28 12:29:19 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.28 12:29:19 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.28 12:29:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.02.26 17:34:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2011.10.12 00:13:13 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2011.10.12 00:13:09 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273) DRV - [2011.10.12 00:13:08 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2011.10.12 00:13:04 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.04.16 07:50:36 | 000,147,416 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs.sys -- (CbFs) DRV - [2009.10.28 11:59:06 | 000,035,384 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PcaSp50.sys -- (PcaSp50) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2008.10.31 16:19:38 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser) DRV - [2007.07.16 23:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX) DRV - [2007.07.16 23:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK) DRV - [2001.09.18 13:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\omcamvid.sys -- (OVT511Plus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=hp&babsrc=lnkry_nt&installDate=01/01/1970 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 2D 3E 42 EC AF CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 IE - HKCU\..\SearchScopes,DefaultScope = {54538F69-A7AC-415D-A3EB-25503A003D3C} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKCU\..\SearchScopes\{54538F69-A7AC-415D-A3EB-25503A003D3C}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7IRFC_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970" FF - prefs.js..extensions.enabledAddons: {a8aef8dd-62b8-4df3-97c8-6887b4d051d5}:1.1 FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=a8aef8dd-62b8-4df3-97c8-6887b4d051d5&affid=111583&searchtype=ds&babsrc=lnkry&installDate=01/01/1970&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Richard\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Richard\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Richard\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.23 20:47:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.26 15:49:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.24 10:13:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Richard\AppData\Roaming\5045 [2011.11.21 20:12:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.26 15:49:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.24 10:13:54 | 000,000,000 | ---D | M] [2011.05.09 00:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\mozilla\Extensions [2013.02.18 21:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\xiz03qfu.default\extensions [2013.02.18 21:37:29 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\xiz03qfu.default\extensions\{a8aef8dd-62b8-4df3-97c8-6887b4d051d5} [2012.03.04 23:01:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\xiz03qfu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.09 11:52:22 | 000,000,000 | ---D | M] 
(Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\xiz03qfu.default\extensions\toolbar@ask.com [2013.02.18 09:11:55 | 000,002,499 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\mozilla\firefox\profiles\xiz03qfu.default\searchplugins\Web Search.xml [2012.10.23 14:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.09 16:25:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.02.26 15:49:50 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.02.26 15:49:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.26 15:49:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.02.26 15:49:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.02.26 15:49:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.26 15:49:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.26 15:49:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.googlemail.com/ CHR
- plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: GoogleChromeRemotePlugin (Enabled) = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll CHR - plugin: registryAccess (Enabled) = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.2.0_0\background/registryAccess.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Richard\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave for Director (Enabled) = 
C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - Extension: Linkury Smartbar = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\ CHR - Extension: Google Drive = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011.03.19 00:55:52 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe File not found O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Richard\AppData\Local\Smartbar\Application\Linkury.exe startup File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\Richard\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ZumoDrive] C:\Program Files\Zecter\ZumoDrive\ZumoLauncher.lnk () O4 - Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Richard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk = C:\Profi cash\wzed.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Richard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.11.2) O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class) O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} hxxp://ellister.dyndns.org/plugin/h263ctrl.cab (VaPgCtrl Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.11.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C91DC459-BFCD-42FA-A9AE-13791738C14A}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E14349E5-A973-4107-B5C1-E016224D30F8}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.07.31 22:44:36 | 000,000,000 | ---D | M] - Z:\Documents -- [ FAT32 ] O32 - AutoRun File - [2011.05.01 15:28:41 | 000,000,000 | ---D | M] - Z:\Linked Folders -- [ FAT32 ] O32 - AutoRun File - [2013.06.12 14:35:14 | 000,000,000 | ---D | M] - Z:\Patenmappe-Shared -- [ FAT32 ] O33 - MountPoints2\{88d7ebda-aee3-11e0-a207-001f1696d7c9}\Shell - "" = AutoRun O33 - MountPoints2\{88d7ebda-aee3-11e0-a207-001f1696d7c9}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{8accffea-9a4e-11e0-8f7a-001f1696d7c9}\Shell - "" = AutoRun O33 - MountPoints2\{8accffea-9a4e-11e0-8f7a-001f1696d7c9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{97528204-635a-11e0-9ef0-001f1696d7c9}\Shell - "" = AutoRun O33 - MountPoints2\{97528204-635a-11e0-9ef0-001f1696d7c9}\Shell\AutoRun\command - "" = F:\MyDiSa.exe O33 - MountPoints2\{ae544812-62c3-11df-a208-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ae544812-62c3-11df-a208-806e6f6e6963}\Shell\AutoRun\command - "" = E:\o2Start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.12 14:40:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe [2013.06.12 13:40:55 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Malwarebytes [2013.06.12 13:40:38 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.12 13:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.12 13:40:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.06.12 13:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.06.03 15:29:20 | 000,000,000 | ---D | C] -- C:\Windows\rescache [4 C:\Users\Richard\Desktop\*.tmp files -> C:\Users\Richard\Desktop\*.tmp -> ] [2 C:\Users\Richard\AppData\Roaming\*.tmp files -> C:\Users\Richard\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.12 14:42:11 | 000,000,000 | ---- | M] () -- C:\Users\Richard\defogger_reenable [2013.06.12 14:37:04 | 000,050,477 | ---- | M] () -- C:\Users\Richard\Desktop\Defogger.exe [2013.06.12 14:28:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1772502657-2889558274-1553771813-1000UA.job [2013.06.12 14:27:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.12 14:21:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.12 14:18:21 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.12 14:18:21 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.12 14:09:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.12 14:08:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.12 14:08:29 | 1554,739,200 | -HS- | M] () -- C:\hiberfil.sys [2013.06.12 14:05:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe [2013.06.12 13:57:13 | 000,001,128 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1772502657-2889558274-1553771813-1000UA.job [2013.06.12 13:40:38 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.12 07:55:57 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1772502657-2889558274-1553771813-1000Core.job [2013.06.11 20:16:19 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.06.07 12:40:57 | 000,001,061 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.04 19:57:18 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.04 19:57:18 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.04 19:57:18 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.04 19:57:18 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.29 12:34:53 | 000,073,577 | ---- | M] () -- C:\Users\Richard\Desktop\Mietauto-Erstattung.pdf [2013.05.29 09:57:01 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1772502657-2889558274-1553771813-1000Core.job [2013.05.16 14:09:20 | 003,859,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.14 20:30:51 | 000,163,586 | ---- | M] () -- C:\Users\Richard\Desktop\easyJet-online check-in.pdf [4 C:\Users\Richard\Desktop\*.tmp files -> C:\Users\Richard\Desktop\*.tmp -> ] [2 C:\Users\Richard\AppData\Roaming\*.tmp files -> C:\Users\Richard\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.12 14:42:11 | 000,000,000 | ---- | C] () -- C:\Users\Richard\defogger_reenable [2013.06.12 14:40:34 | 000,050,477 | ---- | C] () -- C:\Users\Richard\Desktop\Defogger.exe [2013.06.12 13:40:38 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.29 12:34:52 | 000,073,577 | ---- | C] () -- C:\Users\Richard\Desktop\Mietauto-Erstattung.pdf [2013.05.14 20:30:51 | 
000,163,586 | ---- | C] () -- C:\Users\Richard\Desktop\easyJet-online check-in.pdf [2013.03.23 22:17:07 | 000,002,282 | ---- | C] () -- C:\Users\Richard\.recently-used.xbel [2013.03.18 20:47:48 | 000,004,096 | -H-- | C] () -- C:\Users\Richard\AppData\Local\keyfile3.drm [2012.10.08 14:42:06 | 000,000,600 | ---- | C] () -- C:\Users\Richard\PUTTY.RND [2012.09.20 23:05:07 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012.01.23 22:26:54 | 000,000,000 | ---- | C] () -- C:\Users\Richard\AppData\Local\{4BF84341-4223-423A-A747-A5FA0358E1DC} [2011.12.15 00:29:17 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.12.12 18:27:26 | 000,481,611 | ---- | C] () -- C:\Users\Richard\111209_Sommer_Sauer_Barts.pdf [2011.11.06 19:51:37 | 000,000,072 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\blckdom.res [2011.09.27 12:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2011.09.27 12:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll [2011.09.27 12:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2011.09.27 12:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2011.07.05 13:17:19 | 000,000,000 | ---- | C] () -- C:\Users\Richard\AppData\Local\{8009FEA1-5810-4FAD-8035-E5DFD7A8B7C6} [2011.06.27 16:30:33 | 000,000,000 | ---- | C] () -- C:\Users\Richard\AppData\Local\{E7BE5F4C-582D-4D44-8FCD-EB2332EBD25F} [2011.06.13 19:25:39 | 000,000,000 | ---- | C] () -- C:\Users\Richard\AppData\Local\{3A7D1FE4-EAAC-4FB6-8762-9A112DAF50F2} [2010.07.24 23:52:49 | 000,019,367 | ---- | C] () -- C:\Users\Richard\USt-Voranmeldung_2Q2010.elfo [2010.07.20 19:38:40 | 000,020,480 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.28 09:32:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.18 23:26:48 | 000,007,625 | ---- | C] () -- C:\Users\Richard\AppData\Local\resmon.resmoncfg ========== 
ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1772502657-2889558274-1553771813-1000\$16ff2f68c68998a72779c643dfad8ffe\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.11.06 19:51:44 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5038
[2011.11.11 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5039
[2011.11.15 15:33:06 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5040
[2011.11.17 10:29:28 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5041
[2011.11.18 02:46:42 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5042
[2011.11.19 15:10:19 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5043
[2011.11.21 20:12:27 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\5045
[2011.06.19 00:14:10 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Acronis
[2010.06.12 22:56:04 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\AI Internet Solutions
[2011.03.10 02:24:45 | 
000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\blaxxun interactive [2010.06.01 20:21:42 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.10.12 00:03:57 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\D4AB7C83-E910-4F4A-BA83-63048517CC6F [2013.06.12 14:39:06 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Dropbox [2012.03.04 23:01:49 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\DVDVideoSoft [2012.03.04 23:01:25 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.19 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\elsterformular [2013.03.23 22:17:07 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\gtk-2.0 [2010.06.13 22:54:20 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\IrfanView [2011.11.06 19:51:30 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\kock [2012.02.26 04:41:49 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Lexware [2013.04.11 12:40:02 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\NetxpVerein [2012.08.22 18:16:36 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Notepad++ [2012.07.21 18:19:06 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\OpenCandy [2011.05.20 16:21:35 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.04.11 13:17:50 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Subsembly [2013.01.05 14:03:48 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\TeamViewer [2011.11.08 00:37:50 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\UAs [2010.12.30 14:20:56 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Wieldy [2011.11.08 23:17:20 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\xmldm [2011.07.16 23:05:00 | 000,000,000 | ---D | 
M] -- C:\Users\Richard\AppData\Roaming\XSManager [2013.06.12 14:13:04 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\ZumoDrive ========== Purity Check ========== < End of report > Extras: OTL Extras logfile created on: 12.06.2013 14:43:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Richard\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 0,59 Gb Available Physical Memory | 30,77% Memory free 3,86 Gb Paging File | 2,09 Gb Available in Paging File | 54,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 2,50 Gb Free Space | 5,13% Space Free | Partition Type: NTFS Drive D: | 184,06 Gb Total Space | 6,84 Gb Free Space | 3,72% Space Free | Partition Type: NTFS Drive Z: | 2,00 Gb Total Space | 0,05 Gb Free Space | 2,46% Space Free | Partition Type: FAT32 Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002C9FA8-ED6A-4B44-883A-29A5EEE3A7F6}" = Lexware financial office pro 2012 "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{02A388E1-5998-453A-ADF1-823BFB0EAAAE}" = bpd_scan "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011 "{0626C86E-5A8F-4A6D-8C0A-5FF38BD2DA3A}" = hppFaxUtilityCM1312 "{07B85EEC-05BD-4E6A-AAEB-502FB2473DFA}" = hppCLJCM1312 "{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11 "{2753B568-6F85-4E31-A114-A7F8D8606DDD}" = NETGEAR 
Powerline Utility "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2D7F5A88-C877-4713-8B3A-6ACBF06B62BE}" = BPDSoftware_Ini "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312 "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{484A13AB-A4C1-41FD-87E0-EBE2DA01250E}" = hppSendFaxCM1312 "{49BE00D7-9144-43ED-B18D-D75D1336ACF8}" = 7400_Help "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C657898-7214-4851-B363-9F75ADE9E3C0}" = ProjectLibre "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{51268A7D-4E1A-371A-9849-496D48930952}" = Google Talk Plugin "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{53BC789D-073D-47B6-AA9F-DE05990AF07A}" = Adobe Creative Suite 5 Production Premium "{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312 "{591B2FA3-E8BC-4163-B1E8-0723DFB67E1D}" = SanDisk ® Media Manager "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FE4A01A-CAB2-42AB-ABD3-C5D9530AF9A0}" = Lexware financial office Juli 2005 "{7985C7FA-B151-4BA7-B19E-1577A7B527F1}" = hppFaxDrvCM1312 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88C6F99C-DEFC-4CA3-8A83-0BF9FD13E377}" = HP OfficeJet L7400 Series "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 5.1 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = 
Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95EFD16D-3A38-4E7A-901A-24A92399547C}" = Lexware Elster "{96439822-CC3B-48E3-B196-B719892D295D}" = Lexware financial office Juli 2005a 
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.2 "{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A34386F8-7655-4E3B-9F51-D3064F607C89}" = blaxxun Contact "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B01AAC47-D5D7-4A9A-AFC0-1C2C23AE8991}" = Linkury Smartbar "{B59ACF5E-0FF7-44D2-B57D-E516F334AC2E}" = hppScanToCM1312 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D31A8447-7962-42F9-A339-BE79D05C785E}" = BPDSoftware "{D5F1B51C-FDD3-41C3-B1A1-1477F75C7539}" = L7400_Basic "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E546139F-B099-4a36-BCC2-AC7D68CA9383}" = Lexware financial office pro 2012 "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{ED498DD7-FBC1-4C67-8D9B-C9218FBC818D}" = hppManualsCM1312 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{FDC5E0B1-2739-48A1-8027-F76F2E68AC84}" = Lexware professional Datenbank 2012 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 
Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CrystalDiskInfo_is1" = CrystalDiskInfo 5.0.0 Shizuku Edition "DAO" = DAO 3.5/3.6 "Der Verein im Netz" = Der Verein im Netz 20120102-1 "DivX Setup" = DivX-Setup "ElsterFormular 13.2.0.8623u" = ElsterFormular "FormatFactory" = FormatFactory 2.90 "Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221 "FreePDF_XP" = FreePDF (Remove only) "Google Chrome" = Google Chrome "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}" = NETGEAR Powerline Utility "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Picasa 3" = Picasa 3 "PixGEN_is1" = PixGEN v.2.8.4 "PrintKey2000" = PrintKey2000 "Profi cash" = Profi cash "Redirection Port Monitor" = RedMon - Redirection Port Monitor "TeamViewer 8" = TeamViewer 8 "TVWiz" = Intel(R) TV Wizard "VLC media player" = VLC media player 1.0.5 "WinGimp-2.0_is1" = GIMP 2.6.10 "WinRAR archiver" = WinRAR archiver "xampp" = XAMPP 1.8.0 "XSManager" = XSManager "ZumoDrive" = ZumoDrive ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "{cfd033d2-5432-49df-8bdc-03fb5035a6bc}" = Linkury Smartbar Engine "620d61f3f0fa6f3d" = NetxpVerein "Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in "Adobe Connect Add-in" = Adobe Connect Add-in "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.06.2013 08:19:11 | Computer Name = Richard-PC | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> httpd.exe: Could not open configuration file C:/xampp/apache/conf/httpd.conf: Das System kann den angegebenen Pfad nicht finden. . Error - 11.06.2013 08:43:08 | Computer Name = Richard-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16483, Zeitstempel: 0x515df825 Name des fehlerhaften Moduls: Flash32_11_7_700_202.ocx, Version: 11.7.700.202, Zeitstempel: 0x51801f91 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00380dca ID des fehlerhaften Prozesses: 0x6c04 Startzeit der fehlerhaften Anwendung: 0x01ce66a07d162b7e Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash32_11_7_700_202.ocx Berichtskennung: 7782a53c-d294-11e2-8ecc-001f1696d7c9 Error - 11.06.2013 13:51:25 | Computer Name = Richard-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 11.06.2013 14:17:29 | Computer Name = Richard-PC | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> httpd.exe: Could not open configuration file C:/xampp/apache/conf/httpd.conf: Das System kann den angegebenen Pfad nicht finden. . Error - 12.06.2013 03:12:29 | Computer Name = Richard-PC | Source = Google Update | ID = 20 Description = Error - 12.06.2013 05:53:03 | Computer Name = Richard-PC | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> httpd.exe: Could not open configuration file C:/xampp/apache/conf/httpd.conf: Das System kann den angegebenen Pfad nicht finden. . Error - 12.06.2013 07:07:11 | Computer Name = Richard-PC | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> httpd.exe: Could not open configuration file C:/xampp/apache/conf/httpd.conf: Das System kann den angegebenen Pfad nicht finden. . Error - 12.06.2013 07:29:37 | Computer Name = Richard-PC | Source = VSS | ID = 12310 Description = Error - 12.06.2013 07:29:38 | Computer Name = Richard-PC | Source = VSS | ID = 12298 Description = Error - 12.06.2013 08:08:44 | Computer Name = Richard-PC | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> httpd.exe: Could not open configuration file C:/xampp/apache/conf/httpd.conf: Das System kann den angegebenen Pfad nicht finden. . [ Media Center Events ] Error - 24.02.2011 11:54:40 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0 Description = 16:54:39 - Fehler beim Herstellen der Internetverbindung. 16:54:39 - Serververbindung konnte nicht hergestellt werden.. Error - 24.02.2011 11:54:47 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0 Description = 16:54:45 - Fehler beim Herstellen der Internetverbindung. 16:54:45 - Serververbindung konnte nicht hergestellt werden.. 
Error - 24.02.2011 12:54:54 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0 Description = 17:54:54 - Fehler beim Herstellen der Internetverbindung. 17:54:54 - Serververbindung konnte nicht hergestellt werden.. Error - 24.02.2011 12:55:02 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0 Description = 17:55:00 - Fehler beim Herstellen der Internetverbindung. 17:55:00 - Serververbindung konnte nicht hergestellt werden.. Error - 24.02.2011 13:55:09 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0 Description = 18:55:09 - Fehler beim Herstellen der Internetverbindung. 18:55:09 - Serververbindung konnte nicht hergestellt werden.. Error - 24.02.2011 13:55:17 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0 Description = 18:55:14 - Fehler beim Herstellen der Internetverbindung. 18:55:14 - Serververbindung konnte nicht hergestellt werden.. Error - 09.04.2011 05:44:47 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0 Description = 11:44:47 - Fehler beim Herstellen der Internetverbindung. 11:44:47 - Serververbindung konnte nicht hergestellt werden.. Error - 09.04.2011 05:45:20 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0 Description = 11:45:17 - Fehler beim Herstellen der Internetverbindung. 11:45:17 - Serververbindung konnte nicht hergestellt werden.. Error - 17.04.2011 05:52:30 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0 Description = 11:52:30 - Fehler beim Herstellen der Internetverbindung. 11:52:30 - Serververbindung konnte nicht hergestellt werden.. Error - 17.04.2011 05:53:03 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0 Description = 11:52:59 - Fehler beim Herstellen der Internetverbindung. 11:52:59 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 12.06.2013 07:07:11 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. 
Dieser Dienst ist eventuell nicht installiert. Error - 12.06.2013 07:07:11 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 12.06.2013 07:07:12 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 12.06.2013 07:09:12 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet. Error - 12.06.2013 08:08:43 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 12.06.2013 08:08:44 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. Error - 12.06.2013 08:08:44 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 12.06.2013 08:08:44 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 12.06.2013 08:08:45 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. 
Error - 12.06.2013 08:10:26 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet. < End of report > Gmer: GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-12 19:05:00 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO 232,89GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Richard\AppData\Local\Temp\uxliqfow.sys ---- System - GMER 2.1 ---- SSDT 90648C36 ZwCreateSection SSDT 90648C40 ZwRequestWaitReplyPort SSDT 90648C3B ZwSetContextThread SSDT 90648C45 ZwSetSecurityObject SSDT 90648C4A ZwSystemDebugControl SSDT 90648BD7 ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8307CA09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B61F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 830BD34C 4 Bytes [36, 8C, 64, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 830BD6A8 4 Bytes [40, 8C, 64, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 830BD6EC 4 Bytes [3B, 8C, 64, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 830BD768 4 Bytes [45, 8C, 64, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 830BD7BC 4 Bytes [4A, 8C, 64, 90] .text ... 
---- Devices - GMER 2.1 ---- Device Ntfs.sys AttachedDevice tdrpm273.sys Device volmgr.sys AttachedDevice fltmgr.sys Device iaStor.sys Device usbccgp.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{903EE08B-6225-11DF-9631-806E6F6E6963} 8334150248 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{903EE08C-6225-11DF-9631-806E6F6E6963} 30384608 ---- Files - GMER 2.1 ---- File C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui 44544 bytes executable File C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui 16896 bytes executable File C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui 54272 bytes executable ---- EOF - GMER 2.1 ---- |
12.06.2013, 18:19 | #2 |
/// Malware-holic | TR/Kazy.795 - Downloads are no longer possible Hi, please post all Avira detections with their file paths
http://www.trojaner-board.de/125889-...en-posten.html |
12.06.2013, 18:45 | #3 |
| TR/Kazy.795 - Downloads are no longer possible Thank you very much for the quick reply and also for the guide on where to find the logs.
Here are the Avira detections:
Exportierte Ereignisse: 12.06.2013 13:53 [System-Scanner] Malware gefunden Die Datei 'C:\$Recycle.Bin\S-1-5-21-1772502657-2889558274-1553771813-1000\$RFB2795CA' enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.795' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ed8dde1.qua' verschoben! 12.06.2013 13:53 [System-Scanner] Malware gefunden Die Datei 'C:\$Recycle.Bin\S-1-5-21-1772502657-2889558274-1553771813-1000\$R3E86CEFD' enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.795' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '565af247.qua' verschoben! 12.06.2013 13:50 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\$Recycle.Bin\S-1-5-21-1772502657-2889558274-1553771813-1000\$R3E86CEFD' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.795' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 12.06.2013 13:50 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\$Recycle.Bin\S-1-5-21-1772502657-2889558274-1553771813-1000\$RFB2795CA' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.795' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 11.06.2013 20:26 [System-Scanner] Malware gefunden Die Datei 'C:\$Recycle.Bin\S-1-5-21-1772502657-2889558274-1553771813-1000\$16ff2f68c68998a 72779c643dfad8ffe\n' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55bffc23.qua' verschoben! 11.06.2013 20:21 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\$Recycle.Bin\S-1-5-21-1772502657-2889558274-1553771813-1000\$16ff2f68c68998a 72779c643dfad8ffe\n' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden. 
Ausgeführte Aktion: Zugriff verweigern 11.06.2013 19:17 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Richard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\74594de6-3aa 96e8c' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Jogek.bss' [virus]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '595bf6d2.qua' verschoben! 11.06.2013 13:48 [System-Scanner] Malware gefunden Die Datei 'C:\$Recycle.Bin\S-1-5-18\$16ff2f68c68998a72779c643dfad8ffe\n' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55bd9c1b.qua' verschoben! 11.06.2013 13:43 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\$Recycle.Bin\S-1-5-18\$16ff2f68c68998a72779c643dfad8ffe\n' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 11.06.2013 13:43 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\$Recycle.Bin\S-1-5-18\$16ff2f68c68998a72779c643dfad8ffe\n' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 11.06.2013 13:42 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\$Recycle.Bin\S-1-5-21-1772502657-2889558274-1553771813-1000\$16ff2f68c68998a 72779c643dfad8ffe\n' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 11.06.2013 13:42 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\$Recycle.Bin\S-1-5-21-1772502657-2889558274-1553771813-1000\$16ff2f68c68998a 72779c643dfad8ffe\n' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner |
12.06.2013, 19:01 | #4 |
/// Malware-holic | TR/Kazy.795 - Downloads are no longer possible Hi, please download TDSSKiller.exe and save the file to your desktop
|
12.06.2013, 21:22 | #5 |
| TR/Kazy.795 - Downloads are no longer possible Hello, here is the content of the TDSSKiller log file:
22:16:58.0830 4576 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 22:16:59.0126 4576 ============================================================ 22:16:59.0126 4576 Current date / time: 2013/06/12 22:16:59.0126 22:16:59.0126 4576 SystemInfo: 22:16:59.0126 4576 22:16:59.0126 4576 OS Version: 6.1.7601 ServicePack: 1.0 22:16:59.0126 4576 Product type: Workstation 22:16:59.0126 4576 ComputerName: RICHARD-PC 22:16:59.0126 4576 UserName: Richard 22:16:59.0126 4576 Windows directory: C:\Windows 22:16:59.0126 4576 System windows directory: C:\Windows 22:16:59.0126 4576 Processor architecture: Intel x86 22:16:59.0126 4576 Number of processors: 2 22:16:59.0126 4576 Page size: 0x1000 22:16:59.0126 4576 Boot type: Normal boot 22:16:59.0126 4576 ============================================================ 22:17:00.0280 4576 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 22:17:00.0280 4576 ============================================================ 22:17:00.0280 4576 \Device\Harddisk0\DR0: 22:17:00.0280 4576 MBR partitions: 22:17:00.0280 4576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x61A8000 22:17:00.0280 4576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A8800, BlocksNum 0x1701C800 22:17:00.0280 4576 ============================================================ 22:17:00.0312 4576 C: <-> \Device\Harddisk0\DR0\Partition1 22:17:00.0374 4576 D: <-> \Device\Harddisk0\DR0\Partition2 22:17:00.0374 4576 ============================================================ 22:17:00.0374 4576 Initialize success 22:17:00.0374 4576 ============================================================ 22:17:19.0792 0872 ============================================================ 22:17:19.0792 0872 Scan started 
22:17:19.0792 0872 Mode: Manual; SigCheck; TDLFS; 22:17:19.0792 0872 ============================================================ 22:17:21.0252 0872 ================ Scan system memory ======================== 22:17:21.0252 0872 System memory - ok 22:17:21.0253 0872 ================ Scan services ============================= 22:17:21.0483 0872 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 22:17:21.0673 0872 1394ohci - ok 22:17:21.0719 0872 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 22:17:21.0743 0872 ACPI - ok 22:17:21.0795 0872 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 22:17:21.0890 0872 AcpiPmi - ok 22:17:22.0064 0872 [ 63D91B83EB33081E14DD01CAE34D4F26 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe 22:17:22.0113 0872 AcrSch2Svc - ok 22:17:22.0261 0872 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 22:17:22.0293 0872 AdobeARMservice - ok 22:17:22.0391 0872 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 22:17:22.0414 0872 AdobeFlashPlayerUpdateSvc - ok 22:17:22.0466 0872 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 22:17:22.0536 0872 adp94xx - ok 22:17:22.0573 0872 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 22:17:22.0638 0872 adpahci - ok 22:17:22.0665 0872 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 22:17:22.0727 0872 adpu320 - ok 22:17:22.0778 0872 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:17:22.0851 0872 AeLookupSvc - ok 22:17:22.0929 0872 [ A27DEEEBF1B17A053AEA3E2F1D6F9295 ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys 22:17:22.0998 0872 afcdp - ok 22:17:23.0166 0872 [ 149E8CA66CEADE0D17AC4028A567499F ] afcdpsrv 
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe 22:17:23.0394 0872 afcdpsrv - ok 22:17:23.0455 0872 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 22:17:23.0568 0872 AFD - ok 22:17:23.0607 0872 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 22:17:23.0665 0872 agp440 - ok 22:17:23.0734 0872 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 22:17:23.0773 0872 aic78xx - ok 22:17:23.0822 0872 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 22:17:23.0907 0872 ALG - ok 22:17:23.0953 0872 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 22:17:24.0011 0872 aliide - ok 22:17:24.0042 0872 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 22:17:24.0096 0872 amdagp - ok 22:17:24.0144 0872 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 22:17:24.0205 0872 amdide - ok 22:17:24.0249 0872 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 22:17:24.0336 0872 AmdK8 - ok 22:17:24.0358 0872 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 22:17:24.0447 0872 AmdPPM - ok 22:17:24.0504 0872 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 22:17:24.0556 0872 amdsata - ok 22:17:24.0595 0872 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 22:17:24.0657 0872 amdsbs - ok 22:17:24.0683 0872 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 22:17:24.0728 0872 amdxata - ok 22:17:24.0854 0872 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 22:17:24.0912 0872 AntiVirSchedulerService - ok 22:17:24.0971 0872 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 22:17:25.0006 0872 AntiVirService - ok 
22:17:25.0096 0872 [ 44EE9285880603E2C7550541EA698D8D ] Apache2.2 c:\xampp\apache\bin\httpd.exe 22:17:25.0172 0872 Apache2.2 ( UnsignedFile.Multi.Generic ) - warning 22:17:25.0172 0872 Apache2.2 - detected UnsignedFile.Multi.Generic (1) 22:17:25.0204 0872 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 22:17:25.0310 0872 AppID - ok 22:17:25.0361 0872 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 22:17:25.0477 0872 AppIDSvc - ok 22:17:25.0515 0872 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll 22:17:25.0558 0872 Appinfo - ok 22:17:25.0596 0872 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 22:17:25.0657 0872 arc - ok 22:17:25.0689 0872 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 22:17:25.0750 0872 arcsas - ok 22:17:25.0799 0872 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 22:17:25.0903 0872 AsyncMac - ok 22:17:25.0951 0872 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 22:17:25.0999 0872 atapi - ok 22:17:26.0056 0872 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:17:26.0127 0872 AudioEndpointBuilder - ok 22:17:26.0139 0872 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 22:17:26.0175 0872 Audiosrv - ok 22:17:26.0218 0872 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 22:17:26.0264 0872 avgntflt - ok 22:17:26.0336 0872 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 22:17:26.0401 0872 avipbb - ok 22:17:26.0468 0872 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 22:17:26.0525 0872 avkmgr - ok 22:17:26.0581 0872 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 22:17:26.0685 0872 AxInstSV - ok 22:17:26.0740 0872 [ 
1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 22:17:26.0786 0872 b06bdrv - ok 22:17:26.0817 0872 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 22:17:26.0885 0872 b57nd60x - ok 22:17:26.0940 0872 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 22:17:27.0032 0872 BDESVC - ok 22:17:27.0055 0872 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 22:17:27.0151 0872 Beep - ok 22:17:27.0209 0872 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 22:17:27.0277 0872 BITS - ok 22:17:27.0318 0872 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 22:17:27.0401 0872 blbdrive - ok 22:17:27.0440 0872 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:17:27.0485 0872 bowser - ok 22:17:27.0505 0872 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:17:27.0618 0872 BrFiltLo - ok 22:17:27.0640 0872 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:17:27.0688 0872 BrFiltUp - ok 22:17:27.0735 0872 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 22:17:27.0798 0872 Browser - ok 22:17:27.0822 0872 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 22:17:27.0943 0872 Brserid - ok 22:17:27.0966 0872 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 22:17:28.0031 0872 BrSerWdm - ok 22:17:28.0057 0872 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 22:17:28.0159 0872 BrUsbMdm - ok 22:17:28.0167 0872 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 22:17:28.0254 0872 BrUsbSer - ok 22:17:28.0278 0872 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 22:17:28.0407 0872 BTHMODEM - ok 
22:17:28.0448 0872 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 22:17:28.0539 0872 bthserv - ok 22:17:28.0584 0872 [ 560C3AC812597D58626D6C92FDC7F58D ] CbFs C:\Windows\system32\drivers\cbfs.sys 22:17:28.0604 0872 CbFs - ok 22:17:28.0646 0872 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:17:28.0733 0872 cdfs - ok 22:17:28.0780 0872 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys 22:17:28.0807 0872 cdrom - ok 22:17:28.0843 0872 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 22:17:28.0892 0872 CertPropSvc - ok 22:17:28.0940 0872 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 22:17:29.0000 0872 circlass - ok 22:17:29.0047 0872 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 22:17:29.0077 0872 CLFS - ok 22:17:29.0147 0872 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:17:29.0212 0872 clr_optimization_v2.0.50727_32 - ok 22:17:29.0305 0872 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:17:29.0331 0872 clr_optimization_v4.0.30319_32 - ok 22:17:29.0360 0872 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 22:17:29.0433 0872 CmBatt - ok 22:17:29.0450 0872 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:17:29.0475 0872 cmdide - ok 22:17:29.0528 0872 [ 675D67423980FC1784B93AA47D350A31 ] cmnsusbser C:\Windows\system32\DRIVERS\cmnsusbser.sys 22:17:29.0649 0872 cmnsusbser - ok 22:17:29.0709 0872 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 22:17:29.0812 0872 CNG - ok 22:17:29.0862 0872 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 22:17:29.0919 0872 Compbatt - ok 22:17:29.0980 
B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:18:05.0466 0872 volmgrx - ok 22:18:05.0494 0872 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:18:05.0555 0872 volsnap - ok 22:18:05.0618 0872 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 22:18:05.0681 0872 vsmraid - ok 22:18:05.0759 0872 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 22:18:05.0856 0872 VSS - ok 22:18:05.0878 0872 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 22:18:05.0914 0872 vwifibus - ok 22:18:05.0956 0872 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 22:18:06.0045 0872 vwififlt - ok 22:18:06.0084 0872 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 22:18:06.0141 0872 vwifimp - ok 22:18:06.0187 0872 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 22:18:06.0269 0872 W32Time - ok 22:18:06.0299 0872 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 22:18:06.0386 0872 WacomPen - ok 22:18:06.0423 0872 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:18:06.0508 0872 WANARP - ok 22:18:06.0517 0872 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:18:06.0550 0872 Wanarpv6 - ok 22:18:06.0644 0872 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 22:18:06.0754 0872 WatAdminSvc - ok 22:18:06.0830 0872 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 22:18:06.0962 0872 wbengine - ok 22:18:06.0990 0872 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:18:07.0042 0872 WbioSrvc - ok 22:18:07.0078 0872 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:18:07.0144 0872 wcncsvc - ok 
22:18:07.0167 0872 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:18:07.0257 0872 WcsPlugInService - ok 22:18:07.0292 0872 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 22:18:07.0322 0872 Wd - ok 22:18:07.0370 0872 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:18:07.0414 0872 Wdf01000 - ok 22:18:07.0438 0872 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:18:07.0525 0872 WdiServiceHost - ok 22:18:07.0532 0872 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:18:07.0554 0872 WdiSystemHost - ok 22:18:07.0598 0872 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 22:18:07.0708 0872 WebClient - ok 22:18:07.0741 0872 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:18:07.0785 0872 Wecsvc - ok 22:18:07.0804 0872 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:18:07.0859 0872 wercplsupport - ok 22:18:07.0896 0872 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 22:18:07.0952 0872 WerSvc - ok 22:18:07.0984 0872 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:18:08.0057 0872 WfpLwf - ok 22:18:08.0094 0872 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:18:08.0116 0872 WIMMount - ok 22:18:08.0125 0872 WinHttpAutoProxySvc - ok 22:18:08.0196 0872 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:18:08.0271 0872 Winmgmt - ok 22:18:08.0328 0872 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 22:18:08.0408 0872 WinRM - ok 22:18:08.0466 0872 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 22:18:08.0558 0872 WinUsb - ok 22:18:08.0608 0872 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc 
C:\Windows\System32\wlansvc.dll 22:18:08.0672 0872 Wlansvc - ok 22:18:08.0720 0872 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:18:08.0738 0872 WmiAcpi - ok 22:18:08.0780 0872 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:18:08.0826 0872 wmiApSrv - ok 22:18:08.0922 0872 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 22:18:09.0002 0872 WMPNetworkSvc - ok 22:18:09.0036 0872 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:18:09.0115 0872 WPCSvc - ok 22:18:09.0159 0872 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:18:09.0192 0872 WPDBusEnum - ok 22:18:09.0217 0872 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:18:09.0312 0872 ws2ifsl - ok 22:18:09.0319 0872 WSearch - ok 22:18:09.0398 0872 [ 67C1BCCCB4B59552BD62827F812A3A8B ] WTGService C:\Program Files\XSManager\WTGService.exe 22:18:09.0477 0872 WTGService - ok 22:18:09.0580 0872 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 22:18:09.0647 0872 wuauserv - ok 22:18:09.0681 0872 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:18:09.0705 0872 WudfPf - ok 22:18:09.0764 0872 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:18:09.0806 0872 WUDFRd - ok 22:18:09.0842 0872 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:18:09.0878 0872 wudfsvc - ok 22:18:09.0913 0872 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 22:18:09.0968 0872 WwanSvc - ok 22:18:10.0002 0872 ================ Scan global =============================== 22:18:10.0028 0872 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 22:18:10.0063 0872 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 22:18:10.0086 0872 [ 
1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 22:18:10.0115 0872 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 22:18:10.0145 0872 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 22:18:10.0163 0872 [Global] - ok 22:18:10.0164 0872 ================ Scan MBR ================================== 22:18:10.0172 0872 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:18:10.0760 0872 \Device\Harddisk0\DR0 - ok 22:18:10.0761 0872 ================ Scan VBR ================================== 22:18:10.0767 0872 [ DFDB8EACA0F107FE062C13F90EC0A084 ] \Device\Harddisk0\DR0\Partition1 22:18:10.0769 0872 \Device\Harddisk0\DR0\Partition1 - ok 22:18:10.0792 0872 [ 269F406C031664EC51F9965572AEED65 ] \Device\Harddisk0\DR0\Partition2 22:18:10.0794 0872 \Device\Harddisk0\DR0\Partition2 - ok 22:18:10.0795 0872 ============================================================ 22:18:10.0795 0872 Scan finished 22:18:10.0795 0872 ============================================================ 22:18:10.0824 4080 Detected object count: 6 22:18:10.0824 4080 Actual detected object count: 6 22:18:45.0733 4080 Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:45.0734 4080 Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:45.0737 4080 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:45.0737 4080 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:45.0740 4080 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:45.0740 4080 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:45.0745 4080 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:45.0745 4080 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:45.0748 4080 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:45.0748 4080 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:18:45.0751 4080 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:45.0751 4080 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip |
12.06.2013, 21:23 | #6 |
/// Malware-holic | Hi, scan with Combofix |
12.06.2013, 21:31 | #7 |
| Hi, I also have a log file from Malwarebytes:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.06.12.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Richard :: RICHARD-PC [Administrator]
12.06.2013 13:42:21
MBAM-log-2013-06-12 (14-04-34).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208290
Laufzeit: 21 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$16ff2f68c68998a72779c643dfad8ffe\n.) Gut: (fastprox.dll) -> Keine Aktion durchgeführt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\$Recycle.Bin\S-1-5-21-1772502657-2889558274-1553771813-1000\$R3E86CEFD (Trojan.Agent.RN) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-1772502657-2889558274-1553771813-1000\$RFB2795CA (Trojan.Agent.RN) -> Keine Aktion durchgeführt.
(Ende)

How do I deactivate Avira Desktop? ComboFix says that this program (antivirus and antispyware) is still active. But I have no idea how to deactivate it. |
12.06.2013, 21:52 | #8 |
/// Malware-holic | Right-click on the umbrella, deactivate. If Combofix then complains again, click OK.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails according to the above instructions to markusg.trojaner-board@web.de If you would like to support us |
12.06.2013, 21:58 | #9 |
| When I right-click on the umbrella I don't get "Deactivate", but only:
- Enable real-time scanner
- Start Avira Free Antivirus
- Configure Avira Free Antivirus
- My messages
- Start update
- Help
...
Is that already enough?

It seems to have worked. Downloads work again, and the security functions in the Control Panel are back as well. THANK YOU VERY MUCH!!!!

For the sake of completeness, here is the log file from Combofix: Code:
Combofix Logfile:
Last edited by ricardoonlin (12.06.2013 at 22:35) |
13.06.2013, 11:40 | #10 |
/// Malware-holic | Hi, and what is this: - Enable real-time scanner. You can of course also deactivate it via that.
Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this.
Open it, Tools (Extras), Uninstall list, save as txt. Open the file.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After those unknown to you, "unknown".
Post the list. |
13.06.2013, 12:39 | #11 |
| There were many files I couldn't really place. Here is the text: Code:
Acronis*True*Image*Home 2011 Acronis 12.10.2011 235MB 14.0.5105 unnecessary
Adobe AIR Adobe Systems Inc. 01.06.2010 1.5.3.9120 unknown
Adobe Community Help Adobe Systems Incorporated 01.06.2010 3.0.0.400 unknown
Adobe Connect 9 Add-in Adobe Systems Incorporated 07.05.2013 11.2.261.0 unknown
Adobe Connect Add-in 07.05.2013 unknown
Adobe Creative Suite 5 Production Premium Adobe Systems Incorporated 19.03.2011 4,85GB 5.0 necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.06.2013 6,00MB 11.7.700.224 unknown
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 14.05.2013 6,00MB 11.7.700.202 unknown
Adobe Media Player Adobe Systems Incorporated 01.06.2010 1.8 unknown
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 24.09.2012 121MB 10.1.4 necessary
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 16.06.2010 11.5.7.609 unknown
Atheros Driver Installation Program Atheros 18.05.2010 8.0.0.225 unknown
Avira Free Antivirus Avira 07.05.2013 136MB 13.0.0.3640 necessary
Avira SearchFree Toolbar plus Web Protection Ask.com 09.06.2012 4,66MB 1.15.2.0 unknown
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 09.06.2012 1.3.0.23268 unknown
blaxxun Contact 10.03.2011 unknown
CCleaner Piriform 24.05.2013 4.02
Compatibility Pack for the 2007 Office system Microsoft Corporation 10.01.2013 184MB 12.0.6612.1000 necessary
CrystalDiskInfo 5.0.0 Shizuku Edition Crystal Dew World 21.07.2012 5,40MB 5.0.0 unknown
Der Verein im Netz 20120102-1 HGL-Informatik 13.03.2012 20120102-1 necessary
DivX-Setup DivX, LLC 23.01.2012 2.6.1.5 unknown
Dropbox Dropbox, Inc. 07.06.2013 2.0.22 necessary
ElsterFormular Landesfinanzdirektion Thüringen 27.02.2013 221MB 14.0.0.10899 necessary
Facebook Video Calling 1.2.0.287 Skype Limited 24.10.2012 4,76MB 1.2.287 unknown
FlashFXP v4.2 OpenSight Software, LLC 01.05.2012 4.2.2.1760 unknown
FormatFactory 2.90 Free Time 26.02.2012 2.90 necessary
Free YouTube Download version 3.0.22.221 DVDVideoSoft Ltd. 04.03.2012 60,5MB 3.0.22.221 unknown
FreePDF (Remove only) 03.06.2010 necessary
GIMP 2.6.10 The GIMP Team 08.08.2010 108MB 2.6.10 necessary
Google Chrome Google Inc. 21.04.2011 27.0.1453.110 necessary
Google Earth Plug-in Google 22.03.2013 80,7MB 7.0.3.8542 necessary
Google Talk Plugin Google 07.06.2013 20,1MB 4.0.1.13525 unknown
Google Toolbar for Internet Explorer Google Inc. 18.12.2012 7.4.3607.2246 unknown
GPL Ghostscript 8.71 03.06.2010 necessary
HP Color LaserJet CM1312 MFP Series 5.1 HP 14.06.2010 5.1 necessary
HP Customer Participation Program 10.0 HP 14.06.2010 10.0 unknown
HP Imaging Device Functions 10.0 HP 14.06.2010 10.0 unknown
HP OfficeJet L7400 Series HP 28.05.2010 13.0 necessary
Intel(R) Graphics Media Accelerator Driver Intel Corporation 18.05.2010 54,2MB 8.15.10.1892 unknown
Intel(R) Matrix Storage Manager Intel Corporation 18.05.2010 unknown
Intel(R) TV Wizard Intel Corporation 18.05.2010 unknown
IrfanView (remove only) Irfan Skiljan 12.06.2010 1,50MB 4.27 necessary
Java 7 Update 11 Oracle 15.09.2012 128MB 7.0.110 unknown
Java(TM) 6 Update 31 Oracle 26.03.2012 95,1MB 6.0.310 unknown
Lexware Elster Haufe-Lexware GmbH & Co.KG 26.02.2012 74,8MB 10.25.00.0003 necessary
Lexware financial office Juli 2005 Lexware 01.11.2007 9.50 necessary
Lexware financial office pro 2012 Haufe-Lexware GmbH & Co.KG 26.02.2012 844MB 12.00.00.0124 necessary
Lexware Info Service Haufe-Lexware GmbH & Co.KG 26.02.2012 15,5MB 2.80.00.0007 unknown
Lexware professional Datenbank 2012 Haufe-Lexware GmbH & Co.KG 26.02.2012 246MB 12.00.00.0115 necessary
Linkury Smartbar Linkury Inc. 14.02.2013 19,7MB 1.6.1.835 unnecessary
Linkury Smartbar Engine Linkury Inc. 15.02.2013 1.6.1.835 unnecessary
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 12.06.2013 19,2MB 1.75.0.1300 necessary
McAfee Security Scan Plus McAfee, Inc. 17.02.2013 10,2MB 3.0.318.3 unnecessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 38,8MB 4.0.30319 unknown
Microsoft Office File Validation Add-In Microsoft Corporation 14.03.2012 7,95MB 14.0.5130.5003 unknown
Microsoft Office Professional Plus 2010 Microsoft Corporation 20.04.2013 14.0.6029.1000 necessary
Microsoft Silverlight Microsoft Corporation 14.03.2013 66,9MB 5.1.20125.0 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 24.07.2010 244KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 26.02.2012 230KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 18.05.2010 596KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 05.02.2012 600KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 13.02.2012 15,0MB 10.0.40219 unknown
Microsoft Works 6-9 Converter Microsoft Corporation 13.04.2012 6,44MB 9.7.0000 unknown
Mozilla Firefox 16.0.1 (x86 de) Mozilla 26.02.2013 42,9MB 16.0.1 necessary
Mozilla Maintenance Service Mozilla 26.02.2013 329KB 16.0.1 unknown
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 02.06.2010 1,27MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 02.06.2010 1,33MB 4.20.9876.0 unknown
NETGEAR Powerline Utility Ihr Firmenname 01.03.2011 5,92MB 2.0.0.6 unknown
NetxpVerein Netxp GmbH 11.04.2013 1.1.1.14 necessary
Notepad++ 22.08.2012 6.1.6 necessary
OpenProj Serena Software Inc. 25.10.2012 7,15MB 1.4.0 necessary
Picasa 3 Google, Inc. 24.07.2011 3.8 unnecessary
PixGEN v.2.8.4 Pixopolis KG 17.12.2012 71,1MB unnecessary
PrintKey2000 24.09.2010 necessary
Profi cash 27.03.2012 necessary
ProjectLibre ProjectLibre 14.04.2013 11,5MB 1.5.15.0 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 18.05.2010 6.0.1.5911 unknown
RedMon - Redirection Port Monitor 03.06.2010 unknown
SanDisk ® Media Manager SanDisk 20.09.2012 132MB 2.1.0.4 unknown
Skype Click to Call Skype Technologies S.A. 09.03.2012 28,7MB 5.9.9216 unknown
Skype™ 6.3 Skype Technologies S.A. 06.05.2013 38,7MB 6.3.105 necessary
TeamViewer 8 TeamViewer 25.04.2013 8.0.18051 necessary
VLC media player 1.0.5 VideoLAN Team 01.06.2010 1.0.5 necessary
WinRAR archiver 18.05.2010 necessary
XAMPP 1.8.0 22.08.2012 necessary
XSManager XSManager 15.07.2011 3.0 unknown
ZumoDrive Zecter Inc. 19.09.2010 unnecessary |
13.06.2013, 13:37 | #12 |
/// Malware-holic | Uninstall: Acronis, Adobe Flash Player (all).
Adobe - Install Adobe Flash Player: download the newest version and install it.
Adobe Reader: Adobe - Download Adobe Reader - All versions; remove the check mark at McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: check "Use only certified plug-ins".
Security (Enhanced): check Enhanced Security and select all files.
Internet: everything here should be disabled. It is very unsafe to open PDFs automatically, to download them automatically, etc. It is always better to save them directly, since only that way do you have control over what is going on on the PC.
Under JavaScript, remove the check mark at "Use JavaScript".
Under Updater, choose install automatically.
Apply / OK.
Uninstall: Adobe Shockwave, Avira SearchFree: both, Free YouTube, Google Toolbar, Java: both.
Download the Java JRE: Java Downloads for All Operating Systems; click: Download of the Java software for Windows Offline; download and install it.
Uninstall: McAfee, Picasa, PixGEN, ZumoDrive.
Open CCleaner, analyze, start, restart the PC.
Please download AdwCleaner to your desktop. |
13.06.2013, 14:03 | #13 |
| Well, I still have quite a bit ahead of me then. However, I won't manage it today anymore and have to postpone it until next week. Still, I have a quick question: Are these now general measures for cleaning up the computer, or is the virus still there? Can anything go wrong before Monday? |
13.06.2013, 14:26 | #14 |
/// Malware-holic | Well, we do still have 2 scans. By the way, next week I may be on vacation, from Thursday. |
17.09.2013, 23:15 | #15 |
| Hello Markus, I am back again. Due to vacation and school holidays it has unfortunately been delayed a little. Your vacation was also quite a while ago by now. I have followed all the uninstall instructions and am currently running CCleaner. I will try to still manage the next step today. Many thanks for your help, Richard

Hello Markus, it worked, here is the content of the AdwCleaner text file: AdwCleaner Logfile: Code:
You said in your last post that we still have 2 scans. I'm curious to see what comes next, then. Many thanks, Richard |