|
Log-Analyse und Auswertung: Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
13.06.2013, 16:47 | #1 |
| Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" Hallo Forumteilnehmer, Kaspersky Pure 3.0 fand auf meinem Laptop den Trojaner "HEUR:Exploit.Java.CVE-2012-1723.gen". Aus einem älteren Threat entnahm ich, dass das Ding richtig übel ist. Ich habe nun mit "OldTimer" ein logfile erstellt und bitte die, die wissen, wie man den Trojaner rückstandsfrei wieder los wird, um Hilfe. Ein Scan mit "Malwarebytes" (der läuft gerade noch) brachte schon mal mindestens 26 infizierte Objekte.... Aua... Ich freue mich über Eure Hilfe, mit bestem Dank crusherxxx Hier das OTL-logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.06.2013 15:56:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bandick\Desktop\Systemgeschichten 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 53,68% Memory free 7,71 Gb Paging File | 5,27 Gb Available in Paging File | 68,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,29 Gb Total Space | 279,72 Gb Free Space | 61,84% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 465,66 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: BANDICK-VAIO | User Name: Bandick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.13 15:50:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bandick\Desktop\Systemgeschichten\OTL.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.03.25 22:41:31 | 019,721,728 | ---- | M] (Europe Support Ltd. N.V.) -- C:\Games\Game Alarm\gamealarm.exe PRC - [2013.02.18 12:50:44 | 000,590,848 | ---- | M] (Blabbers Communications Ltd) -- C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe PRC - [2013.02.08 15:55:20 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2013.01.10 11:02:16 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013.01.10 11:02:12 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.01.10 11:02:08 | 001,475,952 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2012.12.21 14:32:50 | 000,819,040 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe PRC - [2012.12.20 18:23:04 | 000,356,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe PRC - [2012.01.25 15:23:54 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe PRC - [2011.12.29 17:10:08 | 000,960,160 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2011.12.21 14:15:06 | 000,550,128 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe PRC - [2011.11.29 17:50:40 | 000,182,576 | ---- | M] (Blabbers Communications LTD) -- C:\Program Files (x86)\BrowserCompanion\BCHelper.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.07.11 11:46:10 | 000,491,520 | ---- | M] () -- C:\Games\Game Alarm\Updater.exe PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.11.27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2010.06.20 22:47:18 | 000,108,400 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe PRC - [2010.06.20 22:47:16 | 000,099,696 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe PRC - [2010.06.20 22:47:16 | 000,067,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe PRC - [2010.06.18 08:07:12 | 000,423,280 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe PRC - [2010.05.31 20:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2010.05.31 20:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2010.05.31 18:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.10.09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.03.25 22:41:25 | 000,159,744 | ---- | M] () -- C:\Games\Game Alarm\rt\jetrt\baseline720.dll MOD - [2013.03.25 22:41:25 | 000,126,976 | ---- | M] () -- C:\Games\Game Alarm\rt\bin\zip.dll MOD - [2013.03.25 22:41:24 | 000,069,632 | ---- | M] () -- C:\Games\Game Alarm\rt\bin\java.dll MOD - [2013.03.25 22:41:24 | 000,020,480 | ---- | M] () -- C:\Games\Game Alarm\rt\bin\jetvm\jvm.dll MOD - [2013.02.15 12:21:31 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll MOD - [2013.02.14 22:13:30 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll MOD - [2013.01.15 23:25:41 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.13 21:14:31 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll MOD - [2013.01.13 21:05:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll MOD - [2013.01.13 21:05:03 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll MOD - [2013.01.13 21:04:37 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll MOD - [2013.01.13 21:04:29 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll MOD - [2013.01.13 21:04:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll MOD - [2013.01.13 21:04:25 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll MOD - [2013.01.13 21:04:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll MOD - [2013.01.12 03:52:23 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll MOD - [2013.01.12 03:52:11 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll MOD - [2013.01.12 03:52:04 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll MOD - [2013.01.12 03:52:00 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.12 03:51:59 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll MOD - [2013.01.12 03:51:57 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll MOD - [2013.01.12 03:51:55 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.12 03:51:50 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.12.20 18:19:26 | 000,479,752 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll MOD - [2012.03.11 17:11:00 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2012.03.11 17:11:00 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll MOD - [2011.08.07 13:54:44 | 000,362,029 | ---- | M] () -- C:\Program Files (x86)\BrowserCompanion\sqlite3.dll MOD - [2011.07.11 11:46:10 | 000,491,520 | ---- | M] () -- C:\Games\Game Alarm\Updater.exe MOD - [2010.11.25 18:09:26 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.25 18:09:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2010.10.08 08:55:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.06.12 14:02:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.05 15:11:52 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.21 14:32:50 | 000,819,040 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv) SRV - [2012.12.20 18:23:04 | 000,356,968 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -- (AVP) SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2012.01.25 15:23:54 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe -- (BBUpdate) SRV - [2012.01.25 15:23:54 | 000,192,792 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe -- (BBSvc) SRV - [2011.12.29 17:10:08 | 000,960,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2011.12.21 14:15:06 | 000,550,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2011.12.11 11:44:18 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service) SRV - [2011.12.01 11:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.08.26 19:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2010.11.25 09:36:47 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service) SRV - [2010.11.25 09:27:27 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.06.21 19:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2010.06.20 22:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2010.06.20 22:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2010.06.18 08:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2010.06.09 16:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2010.06.09 00:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.06.08 18:00:04 | 000,836,608 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2010.06.01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.31 20:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.10.09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013.06.04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.11.02 15:48:52 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.10.18 14:50:46 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2012.09.03 18:23:58 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2012.09.03 17:57:00 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (Kl1) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.06.02 14:39:44 | 000,084,536 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec) DRV:64bit: - [2011.06.02 14:39:44 | 000,066,616 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv) DRV:64bit: - [2011.06.02 07:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.06.02 07:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011.06.02 07:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2011.04.01 10:23:04 | 000,045,160 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rsvcdwdr.sys -- (rsvcdwdr) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.08 08:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.06.24 22:34:53 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.06.24 22:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.06.23 22:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.06.23 22:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.06.23 22:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.06.23 22:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.06.23 22:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.06.23 22:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe) DRV:64bit: - [2010.06.23 22:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2010.05.31 23:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2010.05.31 23:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2010.05.31 23:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.05.31 22:10:13 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2010.05.28 22:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.05.28 22:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.09.14 14:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Bandick\Desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101241&mntrId=a0c9eb560000000000004a0f6ed80f1b IE - HKCU\..\SearchScopes\{65F5E014-2DCF-45A5-B288-8EE74DA8EA55}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVEE_de IE - HKCU\..\SearchScopes\{B8102FD8-6A6B-4E37-A599-0AE5FBA506C8}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKCU\..\SearchScopes\{C8AFB312-20C2-4F2B-8AF2-5E7DD2193908}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{E4F3CD3A-DF3D-403D-AE04-A0D1EBD4AA08}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=06311987-63FB-4024-9212-769F21BE9726&apn_sauid=9AFE8EC9-7E45-4510-A157-0F6D3849F425 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.2.558 FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=06311987-63FB-4024-9212-769F21BE9726&apn_ptnrs=&apn_sauid=9AFE8EC9-7E45-4510-A157-0F6D3849F425&apn_dtid=OSJ000&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013.06.13 13:41:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013.06.13 13:41:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013.06.13 13:41:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013.06.13 13:41:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013.06.13 13:41:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.02 15:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\Extensions [2013.02.18 15:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\Firefox\Profiles\bsn6v8jn.default\extensions [2013.06.12 20:06:39 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\Bandick\AppData\Roaming\mozilla\Firefox\Profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com [2013.05.15 11:22:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire [2013.04.01 20:30:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5_expire [2013.06.13 15:44:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\10876caa9bcaa0af0fd1b75ae00f4aec_expire [2013.03.01 20:01:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1d8715bd00dbafbff504a0b9666c85e1_expire [2013.06.12 16:08:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1dd4a0fdeff86d7113af5bf9018092d1_expire [2013.03.25 15:44:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2328e1768b820b18ab2f301c9ff88e2c_expire [2013.06.12 16:08:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire [2013.04.01 12:47:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire [2013.02.19 14:10:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire [2013.03.25 15:44:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\38126fd00e0eb9d5ca912a5939b4755d_expire [2013.03.22 13:03:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3d7ac6206caeabc3e5955ad4ede73a32_expire [2013.06.08 12:55:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire [2013.06.12 16:08:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\530e52021dc20843b1aa62957edeb9f8_expire [2013.06.12 16:08:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5691d473cfba278d3447854176adcc42_expire [2013.03.25 15:44:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5c07ce6ac7fa7b9ff2f3fd7a4d77eef8_expire [2013.06.12 16:08:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5cdf8a7ef2ec84abac286c67587b78d9_expire [2013.03.29 20:31:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\72891ec935a3d247f2da6562ef29a005_expire [2013.02.19 14:10:29 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9ef5e4c08312c8e6d81dfd42b7176e39_expire [2013.03.25 15:44:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a2853631512ec717cfd936b9a1f41b5c_expire [2013.03.29 20:31:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire [2013.03.29 20:31:29 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire [2013.03.01 20:01:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\addabc0e1349eebead03532357f33ad8_expire [2013.06.13 15:44:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b4e6d346c3e211a88a4175dba0d9e052_expire [2013.03.29 18:33:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire [2013.06.13 15:44:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e440d29f88739418e905adc0a155a174_expire [2013.04.01 20:30:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7d8325da90d91d3c4e7720f0e629e17_expire [2013.06.12 16:08:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire [2013.04.01 12:47:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire [2013.03.22 13:03:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f1586b879e32b889596b836c8855994f_expire [2013.06.13 15:00:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f6bac299a1c952b358a64e75e2e51dbd_expire [2013.06.08 12:55:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire [2013.03.22 13:03:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fd884a02221ff58a33d44bd2b23a7ab9_expire [2013.06.08 12:55:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bandick\AppData\Roaming\mozilla\firefox\profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire [2013.06.13 13:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.06.05 15:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.06.05 15:11:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.06.13 13:41:51 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\ANTI_BANNER@KASPERSKY.COM ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVEE_de CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\gcswf32.dll CHR - plugin: (Enabled) = C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.1_0\ CHR - Extension: YouTube = C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Ginyas Browser Companion = C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: Browser Companion Helper = C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_1\ CHR - Extension: Google-Suche = C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.2.558_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.2.558_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.2.558_0\ CHR - Extension: Skype Click to Call = C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\ CHR - Extension: Google Mail = C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Anti-Banner = C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.2.558_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Ginyas Browser Companion) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.) O2 - BHO: (Ginyas Browser Companion Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (Blabbers Communications Ltd) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - Startup: C:\Users\Bandick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.) O4 - Startup: C:\Users\Bandick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1026/Navigram.cab (Navigram Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{423D4F55-13A2-4D2E-BBDA-A1774A136043}: DhcpNameServer = 195.184.96.2 213.173.225.86 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\base64 - No CLSID value found O18:64bit: - Protocol\Handler\chrome - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\prox - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX:64bit: >{F65A5BD6-CBD5-44BB-92EE-7CD500DC5948} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1CF85E3B-94DD-98BE-2745-CD83E96D0DAD} - Microsoft Windows Media Player ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {68CDBC7D-3B25-B622-3504-527BD5DF2B15} - Microsoft Windows Media Player ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.06.13 14:03:00 | 000,000,000 | ---D | C] -- C:\Users\Bandick\Desktop\Programmverknüpfungen [2013.06.13 13:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0 [2013.06.13 13:43:08 | 000,000,000 | --SD | C] -- C:\Users\Bandick\Documents\Passwords Database [2013.06.13 13:42:45 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll [2013.06.13 13:42:06 | 000,066,616 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys [2013.06.13 13:42:01 | 000,084,536 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys [2013.06.13 13:41:53 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2013.06.12 14:01:13 | 000,000,000 | ---D | C] -- C:\Users\Bandick\Desktop\Systemgeschichten [2013.06.12 10:52:16 | 000,000,000 | -HSD | C] -- C:\found.000 [2013.06.10 16:21:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.06.08 11:58:05 | 000,000,000 | ---D | C] -- C:\Users\Bandick\AppData\Local\{601B15EB-096C-4F37-AB46-86C1DAD9995D} [2013.06.06 22:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2013.06.06 22:43:27 | 000,000,000 | ---D | C] -- C:\Users\Bandick\AppData\Roaming\HpUpdate [2013.06.06 22:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2013.06.06 22:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2013.06.06 22:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2013.06.06 22:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2013.06.06 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\Bandick\AppData\Local\HP [2013.06.06 14:26:43 | 000,000,000 | ---D | C] -- C:\Users\Bandick\AppData\Local\{8F0C5B3B-F0D4-4050-8143-C131C751AD00} [2013.06.05 15:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.04 09:15:02 | 000,103,448 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2013.06.04 09:15:00 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2013.03.25 22:34:46 | 220,912,408 | ---- | C] (Greentube GmbH) -- C:\Users\Bandick\DE-SkiChallenge13.exe [2012.07.25 08:44:09 | 009,226,440 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Bandick\install_flash_player_ax.exe [77 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Users\Bandick\Desktop\*.tmp files -> C:\Users\Bandick\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.13 16:00:00 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Runner.job [2013.06.13 15:36:05 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Stats Report.job [2013.06.13 15:31:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.13 15:24:25 | 000,361,664 | ---- | M] () -- C:\test.xml [2013.06.13 15:02:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.13 14:26:34 | 000,000,162 | -H-- | M] () -- C:\Users\Bandick\Desktop\~$ DO Liste aktuell.rtf [2013.06.13 14:25:43 | 000,000,700 | ---- | M] () -- C:\Users\Bandick\Desktop\TO DO Liste aktuell.rtf [2013.06.13 14:24:27 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 14:24:27 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 14:23:52 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.13 14:23:52 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.13 14:23:52 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.13 14:23:52 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.13 14:23:52 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.13 14:17:01 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Chrome Watcher.job [2013.06.13 14:17:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Update Checker.job [2013.06.13 14:16:58 | 000,001,934 | ---- | M] () -- C:\Users\Bandick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk [2013.06.13 14:16:57 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion FireFox Watcher.job [2013.06.13 14:16:55 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.13 14:16:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.13 14:16:15 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys [2013.06.13 13:47:21 | 000,002,216 | ---- | M] () -- C:\Users\Bandick\Desktop\Sicherer Zahlungsverkehr.lnk [2013.06.13 13:42:46 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk [2013.06.06 22:43:25 | 000,002,200 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk [2013.06.06 22:43:25 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet Pro 8600.lnk [2013.06.06 22:41:56 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2013.06.04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2013.06.04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2013.06.01 03:24:25 | 000,402,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [77 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Users\Bandick\Desktop\*.tmp files -> C:\Users\Bandick\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.13 14:26:34 | 000,000,162 | -H-- | C] () -- C:\Users\Bandick\Desktop\~$ DO Liste aktuell.rtf [2013.06.13 14:25:43 | 000,000,700 | ---- | C] () -- C:\Users\Bandick\Desktop\TO DO Liste aktuell.rtf [2013.06.13 13:47:21 | 000,002,216 | ---- | C] () -- C:\Users\Bandick\Desktop\Sicherer Zahlungsverkehr.lnk [2013.06.13 13:43:38 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk [2013.06.06 22:50:30 | 000,001,934 | ---- | C] () -- C:\Users\Bandick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk [2013.06.06 22:43:40 | 000,000,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk [2013.06.06 22:43:25 | 000,002,200 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk [2013.06.06 22:43:25 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet Pro 8600.lnk [2013.06.06 22:41:56 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.05.31 08:01:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.04.02 11:59:28 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.12.05 10:46:58 | 000,007,647 | ---- | C] () -- C:\Users\Bandick\AppData\Local\Resmon.ResmonCfg [2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.10 23:24:47 | 000,017,408 | ---- | C] () -- C:\Users\Bandick\AppData\Local\WebpageIcons.db [2011.05.11 23:07:53 | 000,000,040 | ---- | C] () -- C:\Users\Bandick\AppData\Roaming\cdr.ini [2011.04.09 13:26:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files\openofficeorg33.msi [2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe [2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2011.01.19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini [2007.03.12 19:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files (x86)\navigram_register.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.05.08 21:57:40 | 000,000,000 | ---D | M] -- C:\Users\Bandick\AppData\Roaming\Auslogics [2011.12.11 11:50:16 | 000,000,000 | ---D | M] -- C:\Users\Bandick\AppData\Roaming\Babylon [2011.08.10 09:56:59 | 000,000,000 | ---D | M] -- C:\Users\Bandick\AppData\Roaming\MAGIX [2011.07.24 22:00:43 | 000,000,000 | ---D | M] -- C:\Users\Bandick\AppData\Roaming\No Company Name [2012.03.11 17:16:25 | 000,000,000 | ---D | M] -- C:\Users\Bandick\AppData\Roaming\OpenOffice.org [2011.07.10 05:01:15 | 000,000,000 | ---D | M] -- C:\Users\Bandick\AppData\Roaming\SaalDesignSoftware [2013.02.10 20:25:07 | 000,000,000 | ---D | M] -- C:\Users\Bandick\AppData\Roaming\Samsung [2013.06.13 14:26:35 | 000,000,000 | ---D | M] -- C:\Users\Bandick\AppData\Roaming\SoftGrid Client [2011.12.11 13:02:48 | 000,000,000 | ---D | M] -- C:\Users\Bandick\AppData\Roaming\Stentec [2011.04.09 12:45:47 | 000,000,000 | ---D | M] -- C:\Users\Bandick\AppData\Roaming\TP [2012.04.22 07:40:59 | 000,000,000 | ---D | M] -- C:\Users\Bandick\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.03.11 12:37:02 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.06.13 13:44:58 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2010.11.25 09:24:18 | 000,000,000 | ---D | M] -- C:\Documentation [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.04.09 12:33:29 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.06.12 10:52:16 | 000,000,000 | -HSD | M] -- C:\found.000 [2013.03.25 22:41:22 | 000,000,000 | ---D | M] -- C:\Games [2010.10.12 18:56:10 | 000,000,000 | ---D | M] -- C:\Intel [2011.06.15 22:01:49 | 000,000,000 | ---D | M] -- C:\Macromedia [2012.12.02 15:46:58 | 000,000,000 | ---D | M] -- C:\Mozilla [2013.06.11 16:29:32 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.06.06 22:42:02 | 000,000,000 | R--D | M] -- C:\Program Files [2013.06.12 11:04:41 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.06.13 13:43:25 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.04.09 12:33:29 | 000,000,000 | -HSD | M] -- C:\Programme [2011.06.16 00:36:31 | 000,000,000 | ---D | M] -- C:\Sony Corporation [2010.11.25 09:49:58 | 000,000,000 | -H-D | M] -- C:\SPLASH.000 [2012.12.16 14:50:40 | 000,000,000 | -H-D | M] -- C:\SPLASH.SYS [2013.06.13 15:58:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.05.20 14:56:52 | 000,000,000 | ---D | M] -- C:\Temp [2013.06.07 11:31:00 | 000,000,000 | ---D | M] -- C:\Update [2011.04.09 12:33:42 | 000,000,000 | R--D | M] -- C:\Users [2011.04.10 16:38:21 | 000,000,000 | ---D | M] -- C:\VAIO Entertainment [2010.11.25 09:57:07 | 000,000,000 | ---D | M] -- C:\VAIO Sample Contents [2011.12.11 11:32:01 | 000,000,000 | ---D | M] -- C:\Virtual Sailor [2013.06.13 13:41:53 | 000,000,000 | ---D | M] -- C:\Windows [2010.11.25 09:24:20 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO < %PROGRAMFILES%\*.exe > [2007.03.12 19:59:00 | 000,299,008 | ---- | M] () -- C:\Program Files (x86)\navigram_register.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [77 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2010.11.25 09:36:14 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.11.25 09:36:15 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2011.07.29 00:04:48 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.20 07:35:19 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013.02.18 15:00:11 | 000,000,994 | ---- | C] () -- C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job [2013.02.18 15:00:22 | 000,000,994 | ---- | C] () -- C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job [2013.02.18 15:00:24 | 000,001,042 | ---- | C] () -- C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job [2013.02.18 15:00:27 | 000,000,926 | ---- | C] () -- C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job [2013.02.18 15:00:27 | 000,000,994 | ---- | C] () -- C:\Windows\Tasks\GinyasBrowserCompanion Runner.job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [77 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2013.03.25 22:37:04 | 220,912,408 | ---- | M] (Greentube GmbH) -- C:\Users\Bandick\DE-SkiChallenge13.exe [2012.07.25 08:44:19 | 009,226,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Bandick\install_flash_player_ax.exe [2013.06.13 16:12:18 | 003,407,872 | -HS- | M] () -- C:\Users\Bandick\ntuser.dat [2013.06.13 16:12:18 | 000,262,144 | -HS- | M] () -- C:\Users\Bandick\ntuser.dat.LOG1 [2011.04.09 12:33:45 | 000,000,000 | -HS- | M] () -- C:\Users\Bandick\ntuser.dat.LOG2 [2011.04.09 13:43:42 | 000,065,536 | -HS- | M] () -- C:\Users\Bandick\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.04.09 13:43:42 | 000,524,288 | -HS- | M] () -- C:\Users\Bandick\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.04.09 13:43:42 | 000,524,288 | -HS- | M] () -- C:\Users\Bandick\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2013.05.14 22:00:42 | 000,065,536 | -HS- | M] () -- C:\Users\Bandick\ntuser.dat{270a3bbd-bcc7-11e2-b295-90004ea9f275}.TM.blf [2013.05.14 22:00:42 | 000,524,288 | -HS- | M] () -- C:\Users\Bandick\ntuser.dat{270a3bbd-bcc7-11e2-b295-90004ea9f275}.TMContainer00000000000000000001.regtrans-ms [2013.05.14 22:00:42 | 000,524,288 | -HS- | M] () -- C:\Users\Bandick\ntuser.dat{270a3bbd-bcc7-11e2-b295-90004ea9f275}.TMContainer00000000000000000002.regtrans-ms [2013.06.12 21:52:00 | 000,065,536 | -HS- | M] () -- C:\Users\Bandick\ntuser.dat{8c1d7101-d378-11e2-b0cd-f0bf97127ca6}.TM.blf [2013.06.12 21:52:00 | 000,524,288 | -HS- | M] () -- C:\Users\Bandick\ntuser.dat{8c1d7101-d378-11e2-b0cd-f0bf97127ca6}.TMContainer00000000000000000001.regtrans-ms [2013.06.12 21:52:00 | 000,524,288 | -HS- | M] () -- C:\Users\Bandick\ntuser.dat{8c1d7101-d378-11e2-b0cd-f0bf97127ca6}.TMContainer00000000000000000002.regtrans-ms [2013.06.11 17:09:30 | 000,065,536 | -HS- | M] () -- C:\Users\Bandick\ntuser.dat{e025e6da-d2a1-11e2-917b-c201ccbdc9d4}.TM.blf [2013.06.11 17:09:30 | 000,524,288 | -HS- | M] () -- C:\Users\Bandick\ntuser.dat{e025e6da-d2a1-11e2-917b-c201ccbdc9d4}.TMContainer00000000000000000001.regtrans-ms [2013.06.11 17:09:30 | 000,524,288 | -HS- | M] () -- C:\Users\Bandick\ntuser.dat{e025e6da-d2a1-11e2-917b-c201ccbdc9d4}.TMContainer00000000000000000002.regtrans-ms [2011.04.09 12:33:45 | 000,000,020 | -HS- | M] () -- C:\Users\Bandick\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Files - Unicode (All) ========== [2011.04.14 05:57:14 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\ꋀÄ [2011.04.14 05:57:14 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\ꋀÄ < End of report > |
13.06.2013, 16:50 | #2 |
/// Malware-holic | Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" Hi,
__________________Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
13.06.2013, 17:22 | #3 |
| Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" Der Scan mit dem TDSS-Killer ergab folgenden Report:
__________________18:13:55.0265 1192 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 18:13:55.0428 1192 ============================================================ 18:13:55.0428 1192 Current date / time: 2013/06/13 18:13:55.0428 18:13:55.0428 1192 SystemInfo: 18:13:55.0428 1192 18:13:55.0429 1192 OS Version: 6.1.7600 ServicePack: 0.0 18:13:55.0429 1192 Product type: Workstation 18:13:55.0429 1192 ComputerName: BANDICK-VAIO 18:13:55.0429 1192 UserName: Bandick 18:13:55.0429 1192 Windows directory: C:\Windows 18:13:55.0429 1192 System windows directory: C:\Windows 18:13:55.0429 1192 Running under WOW64 18:13:55.0429 1192 Processor architecture: Intel x64 18:13:55.0429 1192 Number of processors: 4 18:13:55.0429 1192 Page size: 0x1000 18:13:55.0429 1192 Boot type: Normal boot 18:13:55.0429 1192 ============================================================ 18:13:56.0289 1192 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:13:56.0291 1192 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:13:56.0295 1192 ============================================================ 18:13:56.0295 1192 \Device\Harddisk0\DR0: 18:13:56.0296 1192 MBR partitions: 18:13:56.0296 1192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1ABF000, BlocksNum 0x32000 18:13:56.0296 1192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AF1000, BlocksNum 0x38894830 18:13:56.0296 1192 \Device\Harddisk1\DR1: 18:13:56.0296 1192 MBR partitions: 18:13:56.0297 1192 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1000, BlocksNum 0x3A384800 18:13:56.0297 1192 ============================================================ 18:13:56.0392 1192 C: <-> \Device\Harddisk0\DR0\Partition2 18:13:56.0393 1192 D: <-> \Device\Harddisk1\DR1\Partition1 18:13:56.0394 1192 ============================================================ 18:13:56.0394 1192 Initialize success 18:13:56.0394 1192 ============================================================ 18:15:45.0403 5940 ============================================================ 18:15:45.0403 5940 Scan started 18:15:45.0403 5940 Mode: Manual; SigCheck; TDLFS; 18:15:45.0403 5940 ============================================================ 18:15:45.0668 5940 ================ Scan system memory ======================== 18:15:45.0668 5940 System memory - ok 18:15:45.0668 5940 ================ Scan services ============================= 18:15:45.0949 5940 [ 969C91060CBB5D17CB8440B5F78B4C51 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:15:46.0152 5940 1394ohci - ok 18:15:46.0261 5940 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 18:15:46.0308 5940 ACDaemon - ok 18:15:46.0370 5940 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:15:46.0401 5940 ACPI - ok 18:15:46.0464 5940 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:15:46.0557 5940 AcpiPmi - ok 18:15:46.0682 5940 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe 18:15:46.0698 5940 AdobeActiveFileMonitor8.0 - ok 18:15:46.0854 5940 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 18:15:46.0869 5940 AdobeARMservice - ok 18:15:47.0150 5940 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 18:15:47.0181 5940 AdobeFlashPlayerUpdateSvc - ok 18:15:47.0275 5940 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 18:15:47.0322 5940 adp94xx - ok 18:15:47.0368 5940 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 18:15:47.0415 5940 adpahci - ok 18:15:47.0478 5940 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 18:15:47.0524 5940 adpu320 - ok 18:15:47.0556 5940 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:15:47.0649 5940 AeLookupSvc - ok 18:15:47.0727 5940 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys 18:15:47.0821 5940 AFD - ok 18:15:47.0899 5940 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:15:47.0914 5940 agp440 - ok 18:15:48.0008 5940 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:15:48.0086 5940 ALG - ok 18:15:48.0148 5940 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:15:48.0180 5940 aliide - ok 18:15:48.0242 5940 [ 3F9B03B72577A6A7405BF30801CBD159 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 18:15:48.0351 5940 AMD External Events Utility - ok 18:15:48.0414 5940 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:15:48.0445 5940 amdide - ok 18:15:48.0492 5940 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:15:48.0570 5940 AmdK8 - ok 18:15:48.0850 5940 [ EA244A8B88DE8B5986BF3B7903B063AF ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 18:15:49.0084 5940 amdkmdag - ok 18:15:49.0162 5940 [ DCA6E341A4A7C31EA8A14C6166C9B249 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 18:15:49.0209 5940 amdkmdap - ok 18:15:49.0272 5940 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 18:15:49.0318 5940 AmdPPM - ok 18:15:49.0365 5940 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:15:49.0396 5940 amdsata - ok 18:15:49.0459 5940 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 18:15:49.0474 5940 amdsbs - ok 18:15:49.0490 5940 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:15:49.0506 5940 amdxata - ok 18:15:49.0568 5940 [ 2D45F2DFBC3D8F53DF7EBEFFA8C9BC38 ] ApfiltrService C:\Windows\system32\drivers\Apfiltr.sys 18:15:49.0599 5940 ApfiltrService - ok 18:15:49.0677 5940 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys 18:15:49.0786 5940 AppID - ok 18:15:49.0802 5940 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:15:49.0864 5940 AppIDSvc - ok 18:15:49.0942 5940 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll 18:15:50.0005 5940 Appinfo - ok 18:15:50.0067 5940 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 18:15:50.0098 5940 arc - ok 18:15:50.0130 5940 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:15:50.0145 5940 arcsas - ok 18:15:50.0208 5940 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys 18:15:50.0239 5940 ArcSoftKsUFilter - ok 18:15:50.0286 5940 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:15:50.0379 5940 AsyncMac - ok 18:15:50.0442 5940 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:15:50.0473 5940 atapi - ok 18:15:50.0566 5940 [ CCA705CDF038D5BC243203CE4416B345 ] athr C:\Windows\system32\DRIVERS\athrx.sys 18:15:50.0707 5940 athr - ok 18:15:50.0941 5940 [ EA244A8B88DE8B5986BF3B7903B063AF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 18:15:51.0034 5940 atikmdag - ok 18:15:51.0097 5940 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:15:51.0222 5940 AudioEndpointBuilder - ok 18:15:51.0237 5940 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:15:51.0284 5940 AudioSrv - ok 18:15:51.0440 5940 AVP - ok 18:15:51.0502 5940 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:15:51.0612 5940 AxInstSV - ok 18:15:51.0721 5940 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 18:15:51.0830 5940 b06bdrv - ok 18:15:51.0908 5940 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:15:51.0970 5940 b57nd60a - ok 18:15:52.0095 5940 [ 4BEFF67C1775D353A16A62347E727874 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe 18:15:52.0126 5940 BBSvc - ok 18:15:52.0173 5940 [ A6DAAD3EA93DBDBD07FA821BCED133F6 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe 18:15:52.0189 5940 BBUpdate - ok 18:15:52.0282 5940 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:15:52.0360 5940 BDESVC - ok 18:15:52.0423 5940 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:15:52.0501 5940 Beep - ok 18:15:52.0610 5940 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll 18:15:52.0704 5940 BFE - ok 18:15:52.0797 5940 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll 18:15:52.0953 5940 BITS - ok 18:15:53.0016 5940 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 18:15:53.0062 5940 blbdrive - ok 18:15:53.0109 5940 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:15:53.0187 5940 bowser - ok 18:15:53.0234 5940 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 18:15:53.0296 5940 BrFiltLo - ok 18:15:53.0312 5940 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 18:15:53.0343 5940 BrFiltUp - ok 18:15:53.0421 5940 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll 18:15:53.0499 5940 Browser - ok 18:15:53.0530 5940 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:15:53.0624 5940 Brserid - ok 18:15:53.0640 5940 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:15:53.0702 5940 BrSerWdm - ok 18:15:53.0749 5940 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:15:53.0811 5940 BrUsbMdm - ok 18:15:53.0842 5940 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:15:53.0905 5940 BrUsbSer - ok 18:15:53.0967 5940 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 18:15:54.0030 5940 BthEnum - ok 18:15:54.0092 5940 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 18:15:54.0139 5940 BTHMODEM - ok 18:15:54.0217 5940 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 18:15:54.0264 5940 BthPan - ok 18:15:54.0373 5940 [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 18:15:54.0451 5940 BTHPORT - ok 18:15:54.0513 5940 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:15:54.0607 5940 bthserv - ok 18:15:54.0654 5940 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 18:15:54.0700 5940 BTHUSB - ok 18:15:54.0778 5940 [ 59E3510784548C6939C1B3B985C232E3 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys 18:15:54.0810 5940 btwampfl - ok 18:15:54.0856 5940 [ 1872074ED0A3FB22E3F1E3197B984BFA ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 18:15:54.0872 5940 btwaudio - ok 18:15:54.0950 5940 [ 691CF076C33AB1C3A5B2FD5450300733 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 18:15:54.0966 5940 btwavdt - ok 18:15:55.0106 5940 [ 8BA6E93A182126781952A7895EC1E4B2 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 18:15:55.0168 5940 btwdins - ok 18:15:55.0184 5940 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 18:15:55.0200 5940 btwl2cap - ok 18:15:55.0262 5940 [ C9273B20DEC8CE38DBCE5D29DE63C907 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 18:15:55.0278 5940 btwrchid - ok 18:15:55.0324 5940 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:15:55.0371 5940 cdfs - ok 18:15:55.0418 5940 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:15:55.0480 5940 cdrom - ok 18:15:55.0543 5940 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll 18:15:55.0636 5940 CertPropSvc - ok 18:15:55.0683 5940 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 18:15:55.0730 5940 circlass - ok 18:15:55.0777 5940 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:15:55.0808 5940 CLFS - ok 18:15:56.0011 5940 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:15:56.0026 5940 clr_optimization_v2.0.50727_32 - ok 18:15:56.0073 5940 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:15:56.0089 5940 clr_optimization_v2.0.50727_64 - ok 18:15:56.0229 5940 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:15:56.0260 5940 clr_optimization_v4.0.30319_32 - ok 18:15:56.0448 5940 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:15:56.0479 5940 clr_optimization_v4.0.30319_64 - ok 18:15:56.0541 5940 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 18:15:56.0588 5940 CmBatt - ok 18:15:56.0619 5940 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:15:56.0635 5940 cmdide - ok 18:15:56.0697 5940 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys 18:15:56.0760 5940 CNG - ok 18:15:56.0838 5940 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 18:15:56.0853 5940 Compbatt - ok 18:15:56.0916 5940 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 18:15:56.0978 5940 CompositeBus - ok 18:15:56.0994 5940 COMSysApp - ok 18:15:57.0025 5940 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:15:57.0040 5940 crcdisk - ok 18:15:57.0118 5940 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:15:57.0196 5940 CryptSvc - ok 18:15:57.0259 5940 [ 04199CA5C4A6F6E935906A74EAFCA8E7 ] CSCrySec C:\Windows\system32\DRIVERS\CSCrySec.sys 18:15:57.0274 5940 CSCrySec - ok 18:15:57.0586 5940 [ 0F9FE82E229C039F0AC1996E44059653 ] CSObjectsSrv C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe 18:15:57.0664 5940 CSObjectsSrv - ok 18:15:57.0774 5940 [ 7D7F90460F1309B5205BF8CDFAD63E42 ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys 18:15:57.0789 5940 CSVirtualDiskDrv - ok 18:15:58.0008 5940 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 18:15:58.0070 5940 cvhsvc - ok 18:15:58.0148 5940 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:15:58.0242 5940 DcomLaunch - ok 18:15:58.0304 5940 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:15:58.0382 5940 defragsvc - ok 18:15:58.0444 5940 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:15:58.0522 5940 DfsC - ok 18:15:58.0569 5940 [ 0B3F6C8F93C5C25977EA5A8B2E656357 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 18:15:58.0616 5940 dg_ssudbus - ok 18:15:58.0678 5940 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll 18:15:58.0819 5940 Dhcp - ok 18:15:58.0834 5940 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:15:58.0912 5940 discache - ok 18:15:58.0975 5940 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 18:15:59.0006 5940 Disk - ok 18:15:59.0053 5940 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:15:59.0115 5940 Dnscache - ok 18:15:59.0146 5940 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll 18:15:59.0240 5940 dot3svc - ok 18:15:59.0271 5940 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll 18:15:59.0318 5940 DPS - ok 18:15:59.0380 5940 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:15:59.0412 5940 drmkaud - ok 18:15:59.0474 5940 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:15:59.0521 5940 DXGKrnl - ok 18:15:59.0568 5940 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:15:59.0646 5940 EapHost - ok 18:15:59.0802 5940 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 18:15:59.0973 5940 ebdrv - ok 18:16:00.0004 5940 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe 18:16:00.0051 5940 EFS - ok 18:16:00.0192 5940 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:16:00.0285 5940 ehRecvr - ok 18:16:00.0348 5940 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:16:00.0379 5940 ehSched - ok 18:16:00.0441 5940 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:16:00.0519 5940 elxstor - ok 18:16:00.0550 5940 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:16:00.0613 5940 ErrDev - ok 18:16:00.0691 5940 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:16:00.0784 5940 EventSystem - ok 18:16:00.0816 5940 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:16:00.0894 5940 exfat - ok 18:16:00.0987 5940 Fabs - ok 18:16:01.0018 5940 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:16:01.0096 5940 fastfat - ok 18:16:01.0206 5940 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe 18:16:01.0315 5940 Fax - ok 18:16:01.0330 5940 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 18:16:01.0377 5940 fdc - ok 18:16:01.0424 5940 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:16:01.0486 5940 fdPHost - ok 18:16:01.0518 5940 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:16:01.0564 5940 FDResPub - ok 18:16:01.0580 5940 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:16:01.0596 5940 FileInfo - ok 18:16:01.0611 5940 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:16:01.0658 5940 Filetrace - ok 18:16:02.0017 5940 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe 18:16:02.0157 5940 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 18:16:02.0157 5940 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 18:16:02.0266 5940 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 18:16:02.0329 5940 FLEXnet Licensing Service - ok 18:16:02.0360 5940 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 18:16:02.0376 5940 flpydisk - ok 18:16:02.0438 5940 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:16:02.0469 5940 FltMgr - ok 18:16:02.0532 5940 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll 18:16:02.0641 5940 FontCache - ok 18:16:02.0703 5940 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:16:02.0734 5940 FontCache3.0.0.0 - ok 18:16:02.0750 5940 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:16:02.0766 5940 FsDepends - ok 18:16:02.0812 5940 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:16:02.0844 5940 Fs_Rec - ok 18:16:02.0906 5940 [ 1F44F8559E61A8306ECC67BB1E168B7C ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:16:02.0953 5940 fvevol - ok 18:16:03.0000 5940 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:16:03.0031 5940 gagp30kx - ok 18:16:03.0093 5940 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll 18:16:03.0156 5940 gpsvc - ok 18:16:03.0234 5940 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:16:03.0265 5940 gupdate - ok 18:16:03.0280 5940 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:16:03.0296 5940 gupdatem - ok 18:16:03.0343 5940 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 18:16:03.0374 5940 gusvc - ok 18:16:03.0405 5940 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:16:03.0468 5940 hcw85cir - ok 18:16:03.0546 5940 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:16:03.0608 5940 HdAudAddService - ok 18:16:03.0686 5940 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 18:16:03.0733 5940 HDAudBus - ok 18:16:03.0826 5940 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys 18:16:03.0842 5940 HECIx64 - ok 18:16:03.0873 5940 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 18:16:03.0904 5940 HidBatt - ok 18:16:03.0936 5940 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:16:03.0998 5940 HidBth - ok 18:16:04.0014 5940 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 18:16:04.0060 5940 HidIr - ok 18:16:04.0107 5940 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 18:16:04.0201 5940 hidserv - ok 18:16:04.0279 5940 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:16:04.0326 5940 HidUsb - ok 18:16:04.0388 5940 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:16:04.0466 5940 hkmsvc - ok 18:16:04.0528 5940 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:16:04.0560 5940 HomeGroupListener - ok 18:16:04.0591 5940 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:16:04.0622 5940 HomeGroupProvider - ok 18:16:04.0669 5940 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:16:04.0700 5940 HpSAMD - ok 18:16:04.0778 5940 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:16:04.0856 5940 HTTP - ok 18:16:04.0872 5940 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 18:16:04.0887 5940 hwpolicy - ok 18:16:04.0934 5940 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 18:16:04.0950 5940 i8042prt - ok 18:16:04.0965 5940 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\drivers\iaStor.sys 18:16:04.0981 5940 iaStor - ok 18:16:05.0074 5940 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 18:16:05.0090 5940 IAStorDataMgrSvc - ok 18:16:05.0137 5940 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:16:05.0168 5940 iaStorV - ok 18:16:05.0308 5940 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:16:05.0371 5940 idsvc - ok 18:16:05.0886 5940 [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 18:16:06.0229 5940 igfx ( UnsignedFile.Multi.Generic ) - warning 18:16:06.0229 5940 igfx - detected UnsignedFile.Multi.Generic (1) 18:16:06.0307 5940 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:16:06.0338 5940 iirsp - ok 18:16:06.0400 5940 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll 18:16:06.0525 5940 IKEEXT - ok 18:16:06.0588 5940 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys 18:16:06.0650 5940 Impcd - ok 18:16:06.0868 5940 [ 526E482AFB586CB1CDD687869DECF686 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 18:16:06.0962 5940 IntcAzAudAddService - ok 18:16:07.0071 5940 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 18:16:07.0180 5940 IntcDAud ( UnsignedFile.Multi.Generic ) - warning 18:16:07.0180 5940 IntcDAud - detected UnsignedFile.Multi.Generic (1) 18:16:07.0212 5940 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 18:16:07.0227 5940 intelide - ok 18:16:07.0274 5940 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys 18:16:07.0321 5940 intelppm - ok 18:16:07.0368 5940 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:16:07.0414 5940 IPBusEnum - ok 18:16:07.0430 5940 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:16:07.0477 5940 IpFilterDriver - ok 18:16:07.0508 5940 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:16:07.0570 5940 iphlpsvc - ok 18:16:07.0586 5940 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:16:07.0633 5940 IPMIDRV - ok 18:16:07.0680 5940 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:16:07.0773 5940 IPNAT - ok 18:16:07.0804 5940 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:16:07.0836 5940 IRENUM - ok 18:16:07.0898 5940 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:16:07.0992 5940 isapnp - ok 18:16:08.0054 5940 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:16:08.0101 5940 iScsiPrt - ok 18:16:08.0132 5940 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 18:16:08.0163 5940 kbdclass - ok 18:16:08.0210 5940 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 18:16:08.0272 5940 kbdhid - ok 18:16:08.0288 5940 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe 18:16:08.0319 5940 KeyIso - ok 18:16:08.0506 5940 [ 8B5219318DF5895ABD230C373F2DF18A ] Kl1 C:\Windows\system32\DRIVERS\kl1.sys 18:16:08.0553 5940 Kl1 - ok 18:16:08.0662 5940 [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF C:\Windows\system32\DRIVERS\klif.sys 18:16:08.0725 5940 KLIF - ok 18:16:08.0787 5940 [ 630F22545379437737CF4172F09FE449 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 18:16:08.0803 5940 KLIM6 - ok 18:16:08.0912 5940 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 18:16:08.0943 5940 klkbdflt - ok 18:16:08.0990 5940 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 18:16:09.0006 5940 klmouflt - ok 18:16:09.0068 5940 [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys 18:16:09.0084 5940 kltdi - ok 18:16:09.0162 5940 [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps C:\Windows\system32\DRIVERS\kneps.sys 18:16:09.0193 5940 kneps - ok 18:16:09.0271 5940 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:16:09.0349 5940 KSecDD - ok 18:16:09.0474 5940 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:16:09.0505 5940 KSecPkg - ok 18:16:09.0552 5940 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:16:09.0614 5940 ksthunk - ok 18:16:09.0645 5940 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 18:16:09.0723 5940 KtmRm - ok 18:16:09.0786 5940 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll 18:16:09.0864 5940 LanmanServer - ok 18:16:09.0926 5940 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:16:10.0020 5940 LanmanWorkstation - ok 18:16:10.0066 5940 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:16:10.0144 5940 lltdio - ok 18:16:10.0176 5940 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:16:10.0238 5940 lltdsvc - ok 18:16:10.0269 5940 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:16:10.0316 5940 lmhosts - ok 18:16:10.0394 5940 [ 3D23191672D83E90D1CF63927EE98136 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 18:16:10.0425 5940 LMS - ok 18:16:10.0488 5940 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:16:10.0519 5940 LSI_FC - ok 18:16:10.0550 5940 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:16:10.0566 5940 LSI_SAS - ok 18:16:10.0597 5940 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 18:16:10.0612 5940 LSI_SAS2 - ok 18:16:10.0644 5940 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:16:10.0659 5940 LSI_SCSI - ok 18:16:10.0706 5940 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 18:16:10.0784 5940 luafv - ok 18:16:10.0862 5940 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 18:16:10.0878 5940 MBAMProtector - ok 18:16:11.0002 5940 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 18:16:11.0034 5940 MBAMScheduler - ok 18:16:11.0112 5940 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 18:16:11.0158 5940 MBAMService - ok 18:16:11.0221 5940 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:16:11.0268 5940 Mcx2Svc - ok 18:16:11.0299 5940 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 18:16:11.0314 5940 megasas - ok 18:16:11.0330 5940 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 18:16:11.0361 5940 MegaSR - ok 18:16:11.0408 5940 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 18:16:11.0486 5940 MMCSS - ok 18:16:11.0502 5940 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 18:16:11.0548 5940 Modem - ok 18:16:11.0564 5940 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:16:11.0595 5940 monitor - ok 18:16:11.0658 5940 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:16:11.0689 5940 mouclass - ok 18:16:11.0736 5940 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:16:11.0767 5940 mouhid - ok 18:16:11.0782 5940 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 18:16:11.0798 5940 mountmgr - ok 18:16:11.0907 5940 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 18:16:11.0938 5940 MozillaMaintenance - ok 18:16:11.0954 5940 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\drivers\mpio.sys 18:16:11.0985 5940 mpio - ok 18:16:12.0001 5940 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:16:12.0032 5940 mpsdrv - ok 18:16:12.0157 5940 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:16:12.0266 5940 MpsSvc - ok 18:16:12.0297 5940 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:16:12.0406 5940 MRxDAV - ok 18:16:12.0438 5940 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:16:12.0484 5940 mrxsmb - ok 18:16:12.0531 5940 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:16:12.0578 5940 mrxsmb10 - ok 18:16:12.0594 5940 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:16:12.0640 5940 mrxsmb20 - ok 18:16:12.0703 5940 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\drivers\msahci.sys 18:16:12.0734 5940 msahci - ok 18:16:12.0781 5940 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:16:12.0812 5940 msdsm - ok 18:16:12.0828 5940 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 18:16:12.0874 5940 MSDTC - ok 18:16:12.0921 5940 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:16:12.0968 5940 Msfs - ok 18:16:13.0015 5940 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:16:13.0093 5940 mshidkmdf - ok 18:16:13.0108 5940 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:16:13.0124 5940 msisadrv - ok 18:16:13.0155 5940 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:16:13.0233 5940 MSiSCSI - ok 18:16:13.0233 5940 msiserver - ok 18:16:13.0296 5940 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:16:13.0358 5940 MSKSSRV - ok 18:16:13.0374 5940 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:16:13.0467 5940 MSPCLOCK - ok 18:16:13.0498 5940 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:16:13.0545 5940 MSPQM - ok 18:16:13.0576 5940 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:16:13.0623 5940 MsRPC - ok 18:16:13.0654 5940 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 18:16:13.0670 5940 mssmbios - ok 18:16:13.0717 5940 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:16:13.0795 5940 MSTEE - ok 18:16:13.0826 5940 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 18:16:13.0873 5940 MTConfig - ok 18:16:13.0920 5940 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 18:16:13.0951 5940 Mup - ok 18:16:14.0060 5940 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll 18:16:14.0169 5940 napagent - ok 18:16:14.0216 5940 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:16:14.0278 5940 NativeWifiP - ok 18:16:14.0356 5940 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys 18:16:14.0419 5940 NDIS - ok 18:16:14.0466 5940 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:16:14.0497 5940 NdisCap - ok 18:16:14.0575 5940 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:16:14.0653 5940 NdisTapi - ok 18:16:14.0700 5940 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:16:14.0762 5940 Ndisuio - ok 18:16:14.0809 5940 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:16:14.0887 5940 NdisWan - ok 18:16:14.0902 5940 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:16:14.0934 5940 NDProxy - ok 18:16:14.0980 5940 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:16:15.0058 5940 NetBIOS - ok 18:16:15.0074 5940 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:16:15.0136 5940 NetBT - ok 18:16:15.0152 5940 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe 18:16:15.0168 5940 Netlogon - ok 18:16:15.0230 5940 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:16:15.0308 5940 Netman - ok 18:16:15.0386 5940 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:16:15.0495 5940 netprofm - ok 18:16:15.0526 5940 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:16:15.0558 5940 NetTcpPortSharing - ok 18:16:15.0604 5940 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:16:15.0636 5940 nfrd960 - ok 18:16:15.0729 5940 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:16:15.0823 5940 NlaSvc - ok 18:16:15.0948 5940 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 18:16:16.0072 5940 NOBU - ok 18:16:16.0104 5940 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:16:16.0150 5940 Npfs - ok 18:16:16.0182 5940 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:16:16.0244 5940 nsi - ok 18:16:16.0244 5940 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:16:16.0291 5940 nsiproxy - ok 18:16:16.0462 5940 [ 9A6089B056EA1B83B36424FC9D0A300E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:16:16.0556 5940 Ntfs - ok 18:16:16.0603 5940 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 18:16:16.0634 5940 Null - ok 18:16:16.0696 5940 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:16:16.0728 5940 nvraid - ok 18:16:16.0759 5940 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:16:16.0774 5940 nvstor - ok 18:16:16.0821 5940 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:16:16.0852 5940 nv_agp - ok 18:16:16.0884 5940 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:16:16.0930 5940 ohci1394 - ok 18:16:16.0962 5940 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:16:16.0993 5940 ose - ok 18:16:17.0508 5940 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 18:16:17.0679 5940 osppsvc - ok 18:16:17.0742 5940 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:16:17.0804 5940 p2pimsvc - ok 18:16:17.0820 5940 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:16:17.0851 5940 p2psvc - ok 18:16:17.0851 5940 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 18:16:17.0882 5940 Parport - ok 18:16:17.0929 5940 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:16:17.0960 5940 partmgr - ok 18:16:18.0007 5940 [ 9665402B7FA59302D520AD845DDFC026 ] Partner Service C:\ProgramData\Partner\Partner.exe 18:16:18.0038 5940 Partner Service - ok 18:16:18.0085 5940 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:16:18.0147 5940 PcaSvc - ok 18:16:18.0178 5940 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\drivers\pci.sys 18:16:18.0194 5940 pci - ok 18:16:18.0256 5940 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:16:18.0288 5940 pciide - ok 18:16:18.0319 5940 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 18:16:18.0334 5940 pcmcia - ok 18:16:18.0350 5940 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:16:18.0366 5940 pcw - ok 18:16:18.0412 5940 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:16:18.0568 5940 PEAUTH - ok 18:16:18.0896 5940 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:16:18.0927 5940 PerfHost - ok 18:16:19.0005 5940 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll 18:16:19.0130 5940 pla - ok 18:16:19.0208 5940 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:16:19.0255 5940 PlugPlay - ok 18:16:19.0426 5940 [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe 18:16:19.0458 5940 PMBDeviceInfoProvider - ok 18:16:19.0489 5940 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:16:19.0520 5940 PNRPAutoReg - ok 18:16:19.0551 5940 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:16:19.0582 5940 PNRPsvc - ok 18:16:19.0614 5940 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:16:19.0738 5940 PolicyAgent - ok 18:16:19.0785 5940 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 18:16:19.0816 5940 Power - ok 18:16:19.0879 5940 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:16:19.0957 5940 PptpMiniport - ok 18:16:19.0988 5940 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 18:16:20.0035 5940 Processor - ok 18:16:20.0113 5940 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll 18:16:20.0191 5940 ProfSvc - ok 18:16:20.0206 5940 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:16:20.0222 5940 ProtectedStorage - ok 18:16:20.0269 5940 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:16:20.0331 5940 Psched - ok 18:16:20.0378 5940 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 18:16:20.0394 5940 PxHlpa64 - ok 18:16:20.0456 5940 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:16:20.0550 5940 ql2300 - ok 18:16:20.0581 5940 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:16:20.0596 5940 ql40xx - ok 18:16:20.0612 5940 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:16:20.0643 5940 QWAVE - ok 18:16:20.0659 5940 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:16:20.0721 5940 QWAVEdrv - ok 18:16:20.0737 5940 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:16:20.0815 5940 RasAcd - ok 18:16:20.0862 5940 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:16:20.0893 5940 RasAgileVpn - ok 18:16:20.0924 5940 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:16:20.0986 5940 RasAuto - ok 18:16:21.0018 5940 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:16:21.0049 5940 Rasl2tp - ok 18:16:21.0080 5940 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll 18:16:21.0127 5940 RasMan - ok 18:16:21.0205 5940 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:16:21.0283 5940 RasPppoe - ok 18:16:21.0314 5940 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:16:21.0361 5940 RasSstp - ok 18:16:21.0408 5940 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:16:21.0486 5940 rdbss - ok 18:16:21.0501 5940 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 18:16:21.0548 5940 rdpbus - ok 18:16:21.0564 5940 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:16:21.0595 5940 RDPCDD - ok 18:16:21.0657 5940 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:16:21.0720 5940 RDPENCDD - ok 18:16:21.0766 5940 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:16:21.0798 5940 RDPREFMP - ok 18:16:21.0844 5940 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:16:21.0891 5940 RDPWD - ok 18:16:21.0969 5940 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:16:22.0000 5940 rdyboost - ok 18:16:22.0078 5940 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:16:22.0141 5940 RemoteAccess - ok 18:16:22.0172 5940 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:16:22.0234 5940 RemoteRegistry - ok 18:16:22.0266 5940 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 18:16:22.0312 5940 RFCOMM - ok 18:16:22.0406 5940 [ FA6ABC06B629DA29634D31F1FE0347BD ] rimspci C:\Windows\system32\drivers\rimssne64.sys 18:16:22.0437 5940 rimspci - ok 18:16:22.0484 5940 [ 8F8539A7F5C117D4407B2985995671F2 ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys 18:16:22.0546 5940 risdsnpe - ok 18:16:22.0593 5940 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:16:22.0671 5940 RpcEptMapper - ok 18:16:22.0702 5940 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:16:22.0718 5940 RpcLocator - ok 18:16:22.0734 5940 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll 18:16:22.0780 5940 RpcSs - ok 18:16:22.0843 5940 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:16:22.0921 5940 rspndr - ok 18:16:22.0968 5940 [ C8D0CA461D647165DD5C8DE1FF5EA822 ] rsvcdwdr C:\Windows\system32\DRIVERS\rsvcdwdr.sys 18:16:22.0999 5940 rsvcdwdr - ok 18:16:23.0077 5940 [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 18:16:23.0108 5940 RTHDMIAzAudService - ok 18:16:23.0155 5940 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe 18:16:23.0170 5940 SamSs - ok 18:16:23.0202 5940 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:16:23.0217 5940 sbp2port - ok 18:16:23.0233 5940 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:16:23.0280 5940 SCardSvr - ok 18:16:23.0311 5940 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:16:23.0358 5940 scfilter - ok 18:16:23.0436 5940 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll 18:16:23.0576 5940 Schedule - ok 18:16:23.0623 5940 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:16:23.0654 5940 SCPolicySvc - ok 18:16:23.0748 5940 [ 2C8D162EFAF73ABD36D8BCBB6340CAE7 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 18:16:23.0794 5940 sdbus - ok 18:16:23.0841 5940 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:16:23.0919 5940 SDRSVC - ok 18:16:23.0966 5940 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:16:24.0044 5940 secdrv - ok 18:16:24.0060 5940 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll 18:16:24.0122 5940 seclogon - ok 18:16:24.0138 5940 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 18:16:24.0200 5940 SENS - ok 18:16:24.0231 5940 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:16:24.0294 5940 SensrSvc - ok 18:16:24.0340 5940 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 18:16:24.0372 5940 Serenum - ok 18:16:24.0387 5940 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 18:16:24.0418 5940 Serial - ok 18:16:24.0450 5940 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:16:24.0496 5940 sermouse - ok 18:16:24.0543 5940 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll 18:16:24.0590 5940 SessionEnv - ok 18:16:24.0668 5940 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\drivers\SFEP.sys 18:16:24.0699 5940 SFEP - ok 18:16:24.0715 5940 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:16:24.0762 5940 sffdisk - ok 18:16:24.0808 5940 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:16:24.0840 5940 sffp_mmc - ok 18:16:24.0855 5940 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:16:24.0902 5940 sffp_sd - ok 18:16:24.0902 5940 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:16:24.0949 5940 sfloppy - ok 18:16:25.0011 5940 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 18:16:25.0074 5940 Sftfs - ok 18:16:25.0152 5940 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 18:16:25.0198 5940 sftlist - ok 18:16:25.0214 5940 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 18:16:25.0230 5940 Sftplay - ok 18:16:25.0245 5940 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 18:16:25.0261 5940 Sftredir - ok 18:16:25.0308 5940 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 18:16:25.0323 5940 Sftvol - ok 18:16:25.0339 5940 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 18:16:25.0354 5940 sftvsa - ok 18:16:25.0401 5940 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:16:25.0464 5940 SharedAccess - ok 18:16:25.0510 5940 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:16:25.0573 5940 ShellHWDetection - ok 18:16:25.0620 5940 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 18:16:25.0651 5940 SiSRaid2 - ok 18:16:25.0666 5940 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:16:25.0682 5940 SiSRaid4 - ok 18:16:25.0791 5940 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:16:25.0822 5940 SkypeUpdate - ok 18:16:25.0885 5940 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:16:25.0963 5940 Smb - ok 18:16:26.0010 5940 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:16:26.0056 5940 SNMPTRAP - ok 18:16:26.0150 5940 [ C3E69DB0A4E59564230E053232F39AC7 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe 18:16:26.0181 5940 SOHCImp - ok 18:16:26.0212 5940 [ 65CC4779A29C3E82B987BD4961790DFF ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe 18:16:26.0244 5940 SOHDms - ok 18:16:26.0244 5940 [ F47D75CEE1844EEF4A9EA6EE768828FB ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe 18:16:26.0259 5940 SOHDs - ok 18:16:26.0337 5940 [ C03E480E63A80D73FABE28D24D3B6B47 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe 18:16:26.0368 5940 SpfService - ok 18:16:26.0400 5940 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:16:26.0415 5940 spldr - ok 18:16:26.0509 5940 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe 18:16:26.0587 5940 Spooler - ok 18:16:26.0930 5940 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe 18:16:27.0086 5940 sppsvc - ok 18:16:27.0133 5940 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:16:27.0180 5940 sppuinotify - ok 18:16:27.0258 5940 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys 18:16:27.0336 5940 srv - ok 18:16:27.0351 5940 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:16:27.0382 5940 srv2 - ok 18:16:27.0398 5940 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:16:27.0445 5940 srvnet - ok 18:16:27.0507 5940 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 18:16:27.0585 5940 ssadbus - ok 18:16:27.0632 5940 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 18:16:27.0694 5940 ssadmdfl - ok 18:16:27.0710 5940 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 18:16:27.0741 5940 ssadmdm - ok 18:16:27.0819 5940 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:16:27.0897 5940 SSDPSRV - ok 18:16:27.0928 5940 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:16:27.0960 5940 SstpSvc - ok 18:16:28.0022 5940 [ EA8F41484CCC5BA6A1455C2AD3D1BE3C ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 18:16:28.0038 5940 ssudmdm - ok 18:16:28.0069 5940 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 18:16:28.0084 5940 stexstor - ok 18:16:28.0162 5940 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 18:16:28.0209 5940 StillCam - ok 18:16:28.0318 5940 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll 18:16:28.0381 5940 stisvc - ok 18:16:28.0412 5940 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 18:16:28.0428 5940 swenum - ok 18:16:28.0474 5940 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:16:28.0537 5940 swprv - ok 18:16:28.0584 5940 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll 18:16:28.0677 5940 SysMain - ok 18:16:28.0708 5940 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:16:28.0740 5940 TabletInputService - ok 18:16:28.0755 5940 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll 18:16:28.0818 5940 TapiSrv - ok 18:16:28.0849 5940 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:16:28.0927 5940 TBS - ok 18:16:29.0005 5940 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:16:29.0114 5940 Tcpip - ok 18:16:29.0208 5940 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:16:29.0270 5940 TCPIP6 - ok 18:16:29.0286 5940 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:16:29.0379 5940 tcpipreg - ok 18:16:29.0410 5940 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:16:29.0488 5940 TDPIPE - ok 18:16:29.0535 5940 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:16:29.0613 5940 TDTCP - ok 18:16:29.0660 5940 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:16:29.0738 5940 tdx - ok 18:16:29.0769 5940 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\drivers\termdd.sys 18:16:29.0785 5940 TermDD - ok 18:16:29.0910 5940 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll 18:16:30.0034 5940 TermService - ok 18:16:30.0066 5940 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:16:30.0128 5940 Themes - ok 18:16:30.0175 5940 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:16:30.0237 5940 THREADORDER - ok 18:16:30.0284 5940 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:16:30.0362 5940 TrkWks - ok 18:16:30.0409 5940 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:16:30.0471 5940 TrustedInstaller - ok 18:16:30.0502 5940 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:16:30.0580 5940 tssecsrv - ok 18:16:30.0612 5940 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:16:30.0658 5940 tunnel - ok 18:16:30.0690 5940 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:16:30.0705 5940 uagp35 - ok 18:16:30.0752 5940 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe 18:16:30.0768 5940 uCamMonitor - ok 18:16:30.0799 5940 [ 0E5E962B5649D544BE54E8C90761EA2B ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:16:30.0861 5940 udfs - ok 18:16:30.0877 5940 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:16:30.0908 5940 UI0Detect - ok 18:16:30.0970 5940 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:16:30.0986 5940 uliagpkx - ok 18:16:31.0048 5940 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:16:31.0126 5940 umbus - ok 18:16:31.0158 5940 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 18:16:31.0204 5940 UmPass - ok 18:16:31.0485 5940 [ 11A559E0F10CC5E788984023DF400A6F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 18:16:31.0579 5940 UNS - ok 18:16:31.0626 5940 Update-Service - ok 18:16:31.0704 5940 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:16:31.0813 5940 upnphost - ok 18:16:31.0906 5940 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:16:31.0984 5940 usbccgp - ok 18:16:32.0031 5940 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:16:32.0094 5940 usbcir - ok 18:16:32.0125 5940 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\drivers\usbehci.sys 18:16:32.0156 5940 usbehci - ok 18:16:32.0172 5940 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:16:32.0203 5940 usbhub - ok 18:16:32.0250 5940 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:16:32.0281 5940 usbohci - ok 18:16:32.0328 5940 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:16:32.0374 5940 usbprint - ok 18:16:32.0406 5940 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:16:32.0468 5940 USBSTOR - ok 18:16:32.0515 5940 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:16:32.0562 5940 usbuhci - ok 18:16:32.0624 5940 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 18:16:32.0686 5940 usbvideo - ok 18:16:32.0718 5940 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:16:32.0764 5940 UxSms - ok 18:16:32.0842 5940 [ A60605FC66552B421EE1F3D4EBB9A4E0 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe 18:16:32.0874 5940 VAIO Event Service - ok 18:16:32.0952 5940 [ D469BE2723F79CF4B384680B1FDC577D ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe 18:16:33.0014 5940 VAIO Power Management - ok 18:16:33.0030 5940 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe 18:16:33.0045 5940 VaultSvc - ok 18:16:33.0279 5940 [ ADD5A5BA64D0710E1C764A8D4DAD510E ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe 18:16:33.0310 5940 VCFw - ok 18:16:33.0404 5940 [ EEE5AD6FB40B35F7867C3A49B98BB4EF ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe 18:16:33.0435 5940 VcmIAlzMgr - ok 18:16:33.0498 5940 [ E005B04DFCA99F5880C5111933194CA9 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe 18:16:33.0529 5940 VcmINSMgr - ok 18:16:33.0591 5940 [ 9BC1F203C5604C24F345BCFCD6956BAE ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe 18:16:33.0622 5940 VcmXmlIfHelper - ok 18:16:33.0700 5940 [ D347D3ABE070AA09C22FC37121555D52 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe 18:16:33.0716 5940 VCService - ok 18:16:33.0794 5940 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:16:33.0841 5940 vdrvroot - ok 18:16:33.0872 5940 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 18:16:33.0903 5940 vds - ok 18:16:33.0966 5940 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:16:33.0997 5940 vga - ok 18:16:34.0012 5940 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:16:34.0059 5940 VgaSave - ok 18:16:34.0106 5940 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:16:34.0137 5940 vhdmp - ok 18:16:34.0153 5940 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:16:34.0168 5940 viaide - ok 18:16:34.0200 5940 Virtual CDAudio Service - ok 18:16:34.0246 5940 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:16:34.0278 5940 volmgr - ok 18:16:34.0293 5940 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:16:34.0324 5940 volmgrx - ok 18:16:34.0387 5940 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:16:34.0418 5940 volsnap - ok 18:16:34.0465 5940 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:16:34.0512 5940 vsmraid - ok 18:16:34.0605 5940 [ A7EB62C664A03901165290A714BD48D0 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe 18:16:34.0683 5940 VSNService ( UnsignedFile.Multi.Generic ) - warning 18:16:34.0683 5940 VSNService - detected UnsignedFile.Multi.Generic (1) 18:16:34.0746 5940 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe 18:16:34.0855 5940 VSS - ok 18:16:35.0042 5940 [ D2D646D4D686C6996BA1FF96E11BE570 ] VUAgent C:\Program Files\Sony\VAIO Update\VUAgent.exe 18:16:35.0073 5940 VUAgent - ok 18:16:35.0167 5940 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:16:35.0182 5940 vwifibus - ok 18:16:35.0198 5940 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:16:35.0245 5940 vwififlt - ok 18:16:35.0354 5940 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 18:16:35.0385 5940 vwifimp - ok 18:16:35.0401 5940 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:16:35.0463 5940 W32Time - ok 18:16:35.0510 5940 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:16:35.0557 5940 WacomPen - ok 18:16:35.0635 5940 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:16:35.0728 5940 WANARP - ok 18:16:35.0728 5940 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:16:35.0760 5940 Wanarpv6 - ok 18:16:35.0869 5940 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 18:16:35.0931 5940 WatAdminSvc - ok 18:16:36.0040 5940 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe 18:16:36.0118 5940 wbengine - ok 18:16:36.0150 5940 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:16:36.0181 5940 WbioSrvc - ok 18:16:36.0212 5940 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:16:36.0259 5940 wcncsvc - ok 18:16:36.0274 5940 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:16:36.0306 5940 WcsPlugInService - ok 18:16:36.0337 5940 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 18:16:36.0368 5940 Wd - ok 18:16:36.0415 5940 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:16:36.0508 5940 Wdf01000 - ok 18:16:36.0524 5940 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:16:36.0555 5940 WdiServiceHost - ok 18:16:36.0571 5940 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:16:36.0586 5940 WdiSystemHost - ok 18:16:36.0633 5940 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll 18:16:36.0696 5940 WebClient - ok 18:16:36.0727 5940 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:16:36.0789 5940 Wecsvc - ok 18:16:36.0820 5940 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:16:36.0898 5940 wercplsupport - ok 18:16:36.0930 5940 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:16:36.0961 5940 WerSvc - ok 18:16:37.0023 5940 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:16:37.0101 5940 WfpLwf - ok 18:16:37.0148 5940 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:16:37.0179 5940 WIMMount - ok 18:16:37.0195 5940 WinDefend - ok 18:16:37.0195 5940 WinHttpAutoProxySvc - ok 18:16:37.0273 5940 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:16:37.0335 5940 Winmgmt - ok 18:16:37.0554 5940 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 18:16:37.0694 5940 WinRM - ok 18:16:37.0803 5940 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 18:16:37.0834 5940 WinUsb - ok 18:16:37.0897 5940 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:16:37.0975 5940 Wlansvc - ok 18:16:38.0193 5940 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:16:38.0287 5940 wlidsvc - ok 18:16:38.0302 5940 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:16:38.0318 5940 WmiAcpi - ok 18:16:38.0349 5940 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:16:38.0380 5940 wmiApSrv - ok 18:16:38.0474 5940 WMPNetworkSvc - ok 18:16:38.0505 5940 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:16:38.0536 5940 WPCSvc - ok 18:16:38.0552 5940 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:16:38.0599 5940 WPDBusEnum - ok 18:16:38.0614 5940 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:16:38.0661 5940 ws2ifsl - ok 18:16:38.0692 5940 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll 18:16:38.0724 5940 wscsvc - ok 18:16:38.0724 5940 WSearch - ok 18:16:38.0942 5940 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:16:39.0036 5940 wuauserv - ok 18:16:39.0082 5940 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:16:39.0114 5940 WudfPf - ok 18:16:39.0176 5940 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:16:39.0238 5940 WUDFRd - ok 18:16:39.0270 5940 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:16:39.0316 5940 wudfsvc - ok 18:16:39.0363 5940 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:16:39.0394 5940 WwanSvc - ok 18:16:39.0535 5940 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe 18:16:39.0582 5940 YahooAUService - ok 18:16:39.0706 5940 [ 5250193EF8E173AA7491250F00EB367F ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 18:16:39.0738 5940 yukonw7 - ok 18:16:39.0738 5940 ================ Scan global =============================== 18:16:39.0816 5940 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:16:39.0878 5940 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll 18:16:39.0894 5940 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll 18:16:39.0925 5940 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:16:39.0956 5940 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:16:39.0972 5940 [Global] - ok 18:16:39.0972 5940 ================ Scan MBR ================================== 18:16:39.0987 5940 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 18:16:40.0674 5940 \Device\Harddisk0\DR0 - ok 18:16:40.0674 5940 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 18:16:41.0188 5940 \Device\Harddisk1\DR1 - ok 18:16:41.0188 5940 ================ Scan VBR ================================== 18:16:41.0204 5940 [ 7D4AE33E9D84F6D6153EBDECECA63ED5 ] \Device\Harddisk0\DR0\Partition1 18:16:41.0204 5940 \Device\Harddisk0\DR0\Partition1 - ok 18:16:41.0220 5940 [ 28D667B0C2107FCE1073698932CFDECE ] \Device\Harddisk0\DR0\Partition2 18:16:41.0220 5940 \Device\Harddisk0\DR0\Partition2 - ok 18:16:41.0220 5940 [ D4B6FF28C84C3077677D38010241A70E ] \Device\Harddisk1\DR1\Partition1 18:16:41.0220 5940 \Device\Harddisk1\DR1\Partition1 - ok 18:16:41.0220 5940 ============================================================ 18:16:41.0220 5940 Scan finished 18:16:41.0220 5940 ============================================================ 18:16:41.0235 4412 Detected object count: 4 18:16:41.0235 4412 Actual detected object count: 4 18:17:35.0243 4412 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 18:17:35.0243 4412 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:17:35.0243 4412 igfx ( UnsignedFile.Multi.Generic ) - skipped by user 18:17:35.0243 4412 igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:17:35.0243 4412 IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user 18:17:35.0243 4412 IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:17:35.0243 4412 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user 18:17:35.0243 4412 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
13.06.2013, 17:44 | #4 |
/// Malware-holic | Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
14.06.2013, 14:36 | #5 |
| Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" Combofix Logfile: Code:
ATTFilter ComboFix 13-06-13.01 - Bandick 14.06.2013 15:21:45.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3950.1897 [GMT 2:00] ausgeführt von:: c:\users\Bandick\Desktop\ComboFix.exe AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\BrowserCompanion c:\program files (x86)\BrowserCompanion\ack.end c:\program files (x86)\BrowserCompanion\BCHelper.exe c:\program files (x86)\BrowserCompanion\blabbers-ch.crx c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi c:\program files (x86)\BrowserCompanion\jsloader.dll c:\program files (x86)\BrowserCompanion\logo.ico c:\program files (x86)\BrowserCompanion\sqlite3.dll c:\program files (x86)\BrowserCompanion\tdataprotocol.dll c:\program files (x86)\BrowserCompanion\terms.lnk.url c:\program files (x86)\BrowserCompanion\toolbar.dll c:\program files (x86)\BrowserCompanion\uninstall.exe c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll_1 c:\program files (x86)\BrowserCompanion\updater.ini c:\program files (x86)\BrowserCompanion\widgetserv.exe c:\programdata\ntuser.dat c:\users\Bandick\Desktop\Setup.exe c:\windows\security\Database\tmp.edb c:\windows\SysWow64\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-14 bis 2013-06-14 )))))))))))))))))))))))))))))) . . 2013-06-14 13:30 . 2013-06-14 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-14 13:23 . 2013-06-14 13:23 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95716791-6D1C-424E-B564-76A8DC1ACD6A}\offreg.dll 2013-06-14 12:49 . 2013-05-13 23:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95716791-6D1C-424E-B564-76A8DC1ACD6A}\mpengine.dll 2013-06-13 14:47 . 2013-06-13 14:47 -------- d-----w- c:\users\Bandick\AppData\Roaming\Malwarebytes 2013-06-13 14:47 . 2013-06-13 14:47 -------- d-----w- c:\programdata\Malwarebytes 2013-06-13 14:47 . 2013-06-13 14:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-06-13 14:47 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-13 11:42 . 2012-07-11 15:09 64856 ----a-w- c:\windows\system32\klfphc.dll 2013-06-13 11:42 . 2011-06-02 12:39 66616 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys 2013-06-13 11:42 . 2011-06-02 12:39 84536 ----a-w- c:\windows\system32\drivers\CSCrySec.sys 2013-06-13 11:41 . 2013-06-13 11:41 -------- d-----w- c:\windows\ELAMBKUP 2013-06-12 08:52 . 2013-06-12 08:52 -------- d-----w- C:\found.000 2013-06-06 22:08 . 2013-06-06 22:08 0 ----a-w- c:\windows\SysWow64\sho396B.tmp 2013-06-06 20:44 . 2013-06-06 20:44 -------- d-----w- c:\program files (x86)\Microsoft 2013-06-06 20:43 . 2013-06-14 12:49 -------- d-----w- c:\users\Bandick\AppData\Roaming\HpUpdate 2013-06-06 20:43 . 2012-10-17 02:31 741480 ------w- c:\windows\system32\HPDiscoPM5912.dll 2013-06-06 20:42 . 2013-06-06 20:42 -------- d-----w- c:\programdata\HP 2013-06-06 20:42 . 2013-06-06 20:43 -------- d-----w- c:\program files (x86)\HP 2013-06-06 20:42 . 2013-06-06 20:42 -------- d-----w- c:\program files\HP 2013-06-06 20:41 . 2013-06-06 20:49 -------- d-----w- c:\users\Bandick\AppData\Local\HP 2013-06-04 07:15 . 2013-06-04 07:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2013-06-04 07:15 . 2013-06-04 07:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2013-05-31 06:14 . 2013-03-19 06:19 5497688 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-31 06:14 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-05-31 06:14 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-05-31 06:14 . 2013-03-19 05:54 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-05-31 06:14 . 2013-03-19 04:53 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-05-31 06:14 . 2013-03-19 03:19 112640 ----a-w- c:\windows\system32\smss.exe 2013-05-31 06:13 . 2013-04-12 14:36 1653096 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-05-31 06:12 . 2013-02-12 15:37 3138048 ----a-w- c:\windows\system32\mstscax.dll 2013-05-31 06:12 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-05-31 06:12 . 2013-02-12 15:42 44032 ----a-w- c:\windows\system32\tsgqec.dll 2013-05-31 06:12 . 2013-02-12 15:31 158208 ----a-w- c:\windows\system32\aaclient.dll 2013-05-31 06:12 . 2013-02-12 15:07 131072 ----a-w- c:\windows\SysWow64\aaclient.dll 2013-05-31 06:12 . 2013-02-12 13:59 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll 2013-05-31 06:12 . 2013-03-01 03:32 3150848 ----a-w- c:\windows\system32\win32k.sys 2013-05-31 06:12 . 2013-01-24 05:41 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-05-31 06:04 . 2013-05-31 06:04 0 ----a-w- c:\windows\SysWow64\sho9B83.tmp . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-12 19:50 . 2011-04-11 19:12 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-12 12:02 . 2012-04-20 05:34 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-12 12:02 . 2011-06-06 05:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-31 05:57 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 00:06 . 2011-06-10 21:04 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 13:28 . 2011-04-09 11:08 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-04-13 13:22 . 2011-04-09 11:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-04-13 13:22 . 2011-04-27 12:44 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2013-04-04 03:35 . 2013-05-15 09:29 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-31 14:00 . 2011-06-18 20:00 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2013-03-31 13:59 . 2011-06-18 20:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2013-03-30 18:19 . 2013-03-30 18:19 0 ----a-w- c:\windows\SysWow64\shoE7E0.tmp 2013-03-30 14:31 . 2013-03-30 14:31 0 ----a-w- c:\windows\SysWow64\sho605B.tmp 2013-03-25 20:37 . 2013-03-25 20:34 220912408 ----a-w- c:\users\Bandick\DE-SkiChallenge13.exe 2013-03-21 10:40 . 2012-07-16 18:57 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-03-21 10:40 . 2010-11-25 07:51 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-20 18:43 . 2013-03-20 18:43 0 ----a-w- c:\windows\SysWow64\sho66CA.tmp 2011-01-19 11:34 . 2011-01-19 11:34 3003392 ----a-w- c:\program files\openofficeorg33.msi 2011-01-19 11:33 . 2011-01-19 11:33 475016 ----a-w- c:\program files\setup.exe 2007-03-12 17:59 . 2007-03-12 17:59 299008 ----a-w- c:\program files (x86)\navigram_register.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2010-11-25 07:36 433648 ----a-w- c:\programdata\Partner\Partner.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2013-02-08 13:55 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2012-12-20 16:20 459784 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-10-09 615808] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-01-10 844144] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-25 39408] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-01-10 1475952] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400] "SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-06-20 99696] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-01-10 310128] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-08 1644680] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2012-12-20 356968] . c:\users\Bandick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Game Alarm.lnk - c:\games\Game Alarm\gamealarm.exe -silent 2 [2013-3-25 19721728] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN31ABVHFC05KC;CONNECTION=NW;MONITOR=1; [2009-7-14 45568] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R2 Virtual CDAudio Service;Virtual CDAudio Service;f:\audials_8_0_46302_200_portable\VCDWriter\64\VCDAudioService.exe;f:\audials_8_0_46302_200_portable\VCDWriter\64\VCDAudioService.exe [x] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x] S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x] S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x] S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x] S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 rsvcdwdr;rsvcdwdr;c:\windows\system32\DRIVERS\rsvcdwdr.sys;c:\windows\SYSNATIVE\DRIVERS\rsvcdwdr.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service Update-Service REG_MULTI_SZ Update-Service . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-06 09:31 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 12:02] . 2013-06-14 c:\windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:50] . 2013-06-14 c:\windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:50] . 2013-06-14 c:\windows\Tasks\GinyasBrowserCompanion Runner.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:50] . 2013-06-14 c:\windows\Tasks\GinyasBrowserCompanion Stats Report.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:50] . 2013-06-14 c:\windows\Tasks\GinyasBrowserCompanion Update Checker.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:50] . 2013-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 07:36] . 2013-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 07:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2010-11-25 07:36 750064 ----a-w- c:\programdata\Partner\Partner64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2012-12-20 16:22 492040 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm TCP: DhcpNameServer = 192.168.1.1 Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - FF - ProfilePath - c:\users\Bandick\AppData\Roaming\Mozilla\Firefox\Profiles\bsn6v8jn.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=06311987-63FB-4024-9212-769F21BE9726&apn_ptnrs=&apn_sauid=9AFE8EC9-7E45-4510-A157-0F6D3849F425&apn_dtid=OSJ000&&q= FF - ExtSQL: 2013-06-12 16:01; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF - ExtSQL: 2013-06-12 16:01; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF - ExtSQL: 2013-06-12 16:01; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF - ExtSQL: 2013-06-12 16:01; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF - ExtSQL: 2013-06-12 16:01; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files (x86)\BrowserCompanion\jsloader.dll Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-Browser companion helper - c:\program files (x86)\BrowserCompanion\BCHelper.exe HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe AddRemove-GinyasBrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe AddRemove-InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3} - c:\program files (x86)\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2047115178-1967158156-820026315-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2047115178-1967158156-820026315-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Philips] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-14 15:33:37 ComboFix-quarantined-files.txt 2013-06-14 13:33 . Vor Suchlauf: 18 Verzeichnis(se), 299.360.202.752 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 299.385.315.328 Bytes frei . - - End Of File - - 0EA3818E619A0A9D70DEDB856CEBC6DD D41D8CD98F00B204E9800998ECF8427E |
14.06.2013, 19:08 | #6 |
/// Malware-holic | Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" poste alle bisherigen Malwarebytes Logs mit funden: http://www.trojaner-board.de/125889-...en-posten.html
__________________ --> Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" |
17.06.2013, 11:00 | #7 |
| Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" hi, ich habe nur diese Logdatei (gerade eben Scan durchgeführt mit Malwarebytes Anti-Malware): Malwarebytes Anti-Malware (Test) 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.06.16.04 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Bandick :: BANDICK-VAIO [Administrator] Schutz: Aktiviert 17.06.2013 09:51:36 MBAM-log-2013-06-17 (11-57-46).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 409967 Laufzeit: 1 Stunde(n), 17 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 14 HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 3 HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Dateien: 198 C:\Qoobox\Quarantine\C\Program Files (x86)\BrowserCompanion\BCHelper.exe.vir (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cmpguid.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\fix5.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\fixJQ163.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71_2.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\fix_IE9_ger.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\xcodechange.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\003acba40adbfde226f740f147868a55_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\0227dd5d240c9bdfb9504999e66c665b_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\0984d4fababb5d92394dc5b39b700075_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\10876caa9bcaa0af0fd1b75ae00f4aec (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\10876caa9bcaa0af0fd1b75ae00f4aec_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\1ba8dcb77ad3084a8e9c7b8837e6b859 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\1ba8dcb77ad3084a8e9c7b8837e6b859_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\1bb25568f8455e74906142466f792c87_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\1d8715bd00dbafbff504a0b9666c85e1 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\1d8715bd00dbafbff504a0b9666c85e1_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\1dd4a0fdeff86d7113af5bf9018092d1 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\1dd4a0fdeff86d7113af5bf9018092d1_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\2328e1768b820b18ab2f301c9ff88e2c (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\2328e1768b820b18ab2f301c9ff88e2c_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\24c75ee12874b5775f0bdc6920d078a8_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\253712f62fa354f36c490a3f42ba9bfc_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\26a71d2848ed1a14bc99ea658961ed06 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\26a71d2848ed1a14bc99ea658961ed06_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\277a8fa54e28ecd52962c65ae09f7923 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\277a8fa54e28ecd52962c65ae09f7923_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\286965653b415f505622ea74d2bd3bbe_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\29885a00fc20421354db5b581d6fb9c7 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\29885a00fc20421354db5b581d6fb9c7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\29885a00fc20421354db5b581d6fb9c7_gb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\2d468ab97ca7b06a3c21e9e97b353a62_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\2e699bb621ffe89ade68eaef9df0d2d9 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\2e699bb621ffe89ade68eaef9df0d2d9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\2e699bb621ffe89ade68eaef9df0d2d9_gb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\3518e1eac042730aa1274618984462b3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\38126fd00e0eb9d5ca912a5939b4755d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\38126fd00e0eb9d5ca912a5939b4755d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\3d7ac6206caeabc3e5955ad4ede73a32 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\3d7ac6206caeabc3e5955ad4ede73a32_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\3fb584595510ffd42fa9866ce0f84f32_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\4c3f63645c68db469df209c2dc3a46aa_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\5255295b09bde52fbbf7e2a55d7a13f6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\5255295b09bde52fbbf7e2a55d7a13f6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\530e52021dc20843b1aa62957edeb9f8 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\530e52021dc20843b1aa62957edeb9f8_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\530e52021dc20843b1aa62957edeb9f8_version (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\5691d473cfba278d3447854176adcc42 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\5691d473cfba278d3447854176adcc42_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\5c07ce6ac7fa7b9ff2f3fd7a4d77eef8 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\5c07ce6ac7fa7b9ff2f3fd7a4d77eef8_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\5cdf8a7ef2ec84abac286c67587b78d9 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\5cdf8a7ef2ec84abac286c67587b78d9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\5cdf8a7ef2ec84abac286c67587b78d9_version (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\62cce7d26ab5636bceb113b988d56c59_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\64fb2f1cc9977e0b100dbab874b3b89c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\656bf02a99a3ba2fbf237f6152b7f3de (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\656bf02a99a3ba2fbf237f6152b7f3de_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\658987e48ed8b4a20fa71afdd0c84454_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\6d4100dc97e9abad47303e5e0d38b2b6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\6f8b3140943075f95ae0c74c1a13b752_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\7c0022298b948a99e406a6310bffea7f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\7c0022298b948a99e406a6310bffea7f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\7c0022298b948a99e406a6310bffea7f_gb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\867f10e9a70010ef71d15c41fd2874be (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\867f10e9a70010ef71d15c41fd2874be_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\8f43b50088266b9870b42ce6ef7ffbde (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\8f43b50088266b9870b42ce6ef7ffbde_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\8f43b50088266b9870b42ce6ef7ffbde_gb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\9c3a4c3f7d10f85147fa09d19f610015_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\9cfd009e43704006e16e06f004decbd5 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\9cfd009e43704006e16e06f004decbd5_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\9e2a87a5ca3184adbfe91e3b37186dbd (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\9e2a87a5ca3184adbfe91e3b37186dbd_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\9ef5e4c08312c8e6d81dfd42b7176e39 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\9ef5e4c08312c8e6d81dfd42b7176e39_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\9fde1e4ac93162562a3cb3a2ca4a207d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\a2853631512ec717cfd936b9a1f41b5c (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\a2853631512ec717cfd936b9a1f41b5c_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\a4978ceb564459d3d64682b37d89bbe3 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\a4978ceb564459d3d64682b37d89bbe3_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\a4978ceb564459d3d64682b37d89bbe3_gb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\aaff3303cdd7526dcb9cd1bc7f49fa7a (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\aaff3303cdd7526dcb9cd1bc7f49fa7a_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\adbb013efd3fd71cf048206629fae313_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\addabc0e1349eebead03532357f33ad8 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\addabc0e1349eebead03532357f33ad8_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\b1ee91b2ef2163f40d85f38713cdc027 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\b1ee91b2ef2163f40d85f38713cdc027_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\b1ee91b2ef2163f40d85f38713cdc027_gb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\b3688636ecfdc491aea728939c15f43e_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\b4e6d346c3e211a88a4175dba0d9e052 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\b4e6d346c3e211a88a4175dba0d9e052_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\bdd26d3b7ab2292048466bbb3ec4a74d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\c75261e846ce457d11060410767952c4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\c75261e846ce457d11060410767952c4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\c75261e846ce457d11060410767952c4_gb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\cf28706faad49b5cccfc9e9e3ebbd818 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\cf28706faad49b5cccfc9e9e3ebbd818_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\cf28706faad49b5cccfc9e9e3ebbd818_gb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\d5baae4ef839769f8eb7e9f9d82d8a40_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\d965aead622233a60676ef2349956f38_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\d9fe5d2850f1ed167451b193e8bd0e0c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\dc9dc7eec614c4f09b8f012e4660cea0_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\ddedfe6ede02f148caf19a2dec7f877d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\e1d6a45168e5bc9270ef03b4d2ccfd57 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\e1d6a45168e5bc9270ef03b4d2ccfd57_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\e3cd5b2c64ca319aadec7c28c6c6feba_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\e440d29f88739418e905adc0a155a174 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\e440d29f88739418e905adc0a155a174_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\e6c109bf52ef89fe99f9a9379617ab0e_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\e7395ccc0c22b2cca7bf3e0c7db4d8a6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_version (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\ee2135fec207a636822e2513020c079a (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\ee2135fec207a636822e2513020c079a_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\ee2135fec207a636822e2513020c079a_gb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\f1586b879e32b889596b836c8855994f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\f1586b879e32b889596b836c8855994f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\f6bac299a1c952b358a64e75e2e51dbd (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\f6bac299a1c952b358a64e75e2e51dbd_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\fd884a02221ff58a33d44bd2b23a7ab9 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\fd884a02221ff58a33d44bd2b23a7ab9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Bandick\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. (Ende) |
17.06.2013, 11:07 | #8 |
/// Malware-holic | Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" Funde gelöscht, falls nein, tu dies bitte. Dann: lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
18.06.2013, 09:33 | #9 |
| Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" Adobe AIR Adobe Systems Incorporated 13.06.2013 2.7.0.19530 unbekannt Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 13.06.2013 6,00MB 11.7.700.224 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.06.2013 6,00MB 11.7.700.224 notwendig Adobe Photoshop Elements 8.0 Adobe Systems Incorporated 13.06.2013 1,54GB 8.0 unnötig Adobe Premiere Elements 8.0 Adobe Systems Incorporated 13.06.2013 1,23GB 8.0 unbekannt Adobe Reader XI (11.0.03) - Deutsch Adobe Systems Incorporated 04.06.2013 133MB 11.0.03 notwendig Alps Pointing-device for VAIO ALPS ELECTRIC CO., LTD. 25.11.2010 unbekannt ArcSoft Magic-i Visual Effects 2 ArcSoft 13.06.2013 38,0MB 2.0.1.115 notwendig ArcSoft WebCam Companion 3 ArcSoft 13.06.2013 3.0.21.368 notwendig Ask Toolbar Ask.com 15.02.2013 5,40MB 1.15.15.0 unnötig Ask Toolbar Updater Ask.com 15.02.2013 1.2.4.36191 unnötig ATI Catalyst Install Manager ATI Technologies, Inc. 17.04.2011 22,2MB 3.0.769.0 notwendig Audials USB RapidSolution Software AG 11.05.2011 4,33MB 8.0.46302.200 unbekannt Bing Bar Microsoft Corporation 06.06.2013 464KB 7.1.355.0 unnötig BrowserCompanion 13.06.2013 unnötig CCleaner Piriform 25.03.2013 4.00 notwendig Evernote Evernote Corp. 25.11.2010 80,9MB 3.5.4.2224 unbekannt Firebird SQL Server - MAGIX Edition MAGIX AG 24.07.2011 10,1MB 2.1.27.0 unbekannt Game Alarm 25.03.2013 unnötig GinyasBrowserCompanion Ginyas 13.06.2013 unbekannt Google Chrome Google Inc. 25.11.2010 27.0.1453.110 notwendig Google Earth Google 28.03.2013 173MB 7.0.3.8542 notwendig Google Toolbar for Internet Explorer Google Inc. 13.06.2013 7.4.3607.2246 notwendig HP Officejet Pro 8600 - Grundlegende Software für das Gerät Hewlett-Packard Co. 06.06.2013 159MB 28.0.1315.0 notwendig HP Officejet Pro 8600 Hilfe Hewlett Packard 06.06.2013 22,6MB 28.0.0 notwendig HP Update Hewlett-Packard 06.06.2013 3,98MB 5.003.003.001 notwendig I.R.I.S. OCR HP 06.06.2013 68,9MB 12.3.4.0 notwendig Intel(R) Control Center Intel Corporation 25.11.2010 1.2.1.1007 notwendig Intel(R) Management Engine Components Intel Corporation 25.11.2010 6.0.0.1179 notwendig Intel(R) Rapid Storage Technology Intel Corporation 25.11.2010 9.6.0.1014 notwendig Intel(R) Turbo Boost Technology Driver Intel Corporation 25.11.2010 01.02.00.1002 notwendig Java 7 Update 21 Oracle 21.03.2013 129MB 7.0.210 notwendig Java(TM) 6 Update 20 (64-bit) Sun Microsystems, Inc. 25.11.2010 90,5MB 6.0.200 notwendig Java(TM) 6 Update 22 Oracle 11.03.2012 97,0MB 6.0.220 notwendig Java(TM) 6 Update 33 Oracle 16.07.2012 95,6MB 6.0.330 notwendig Kaspersky PURE 3.0 Kaspersky Lab 13.06.2013 13.0.2.558 notwendig MAGIX Screenshare MAGIX AG 10.08.2011 1,42MB 4.3.6.1987 notwendig MAGIX Speed burnR (MSI) MAGIX AG 10.08.2011 51,1MB 7.0.2.6 notwendig MAGIX Video deluxe 17 MAGIX AG 13.06.2013 10.0.11.0 notwendig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 13.06.2013 19,2MB 1.75.0.1300 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 17.07.2012 38,8MB 4.0.30320 notwendig Microsoft Office 2010 Microsoft Corporation 25.11.2010 6,31MB 14.0.4763.1000 notwendig Microsoft Office Klick-und-Los 2010 Microsoft Corporation 13.06.2013 14.0.4763.1000 notwendig Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 13.06.2013 14.0.4763.1000 notwendig Microsoft Silverlight Microsoft Corporation 13.03.2013 50,6MB 5.1.20125.0 notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 25.11.2010 1,72MB 3.1.0000 notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 10.04.2011 258KB 8.0.50727.4053 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 300KB 8.0.56336 notwendig Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 25.11.2010 708KB 8.0.61000 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 17.04.2011 784KB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15.06.2011 788KB 9.0.30729.6161 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 24.07.2011 590KB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11.03.2012 224KB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 25.07.2011 600KB 9.0.30729.6161 notwendig Mozilla Firefox 21.0 (x86 de) Mozilla 13.06.2013 44,7MB 21.0 notwendig Mozilla Maintenance Service Mozilla 13.06.2013 333KB 21.0 unbekannt MSXML 4.0 SP3 Parser Microsoft Corporation 25.11.2010 1,47MB 4.30.2100.0 unbekannt MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 13.07.2012 1,53MB 4.30.2114.0 unbekannt MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 12.01.2013 1,54MB 4.30.2117.0 unbekannt MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 11.04.2011 1,53MB 4.30.2107.0 unbekannt MyFreeCodec 10.02.2013 unbekannt Norton Online Backup Symantec Corporation 25.11.2010 6,19MB 2.1.17869 unnötig OpenOffice.org 3.3 OpenOffice.org 11.03.2012 414MB 3.3.9567 notwendig PMB Sony Corporation 10.04.2011 287MB 5.5.02.12220 unbekannt Quick Web Access Sony Corporation 16.12.2012 350MB 1.4.7.0 notwendig Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 13.06.2013 6.0.1.6034 notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 25.11.2010 6.0.1.6098 notwendig Remote Play mit PlayStation®3 Sony Corporation 25.11.2010 1.0.2.06210 unbekannt Remote-Tastatur mit PlayStation 3 Sony Corporation 25.11.2010 1.0.2.06170 unbekannt Saal Design Software SSW Software GmbH 13.06.2013 2.5 unnötig Sail Simulator 5 v5.2.2.0 11.12.2011 1,14GB notwendig Samsung Kies Samsung Electronics Co., Ltd. 21.10.2011 193MB 2.0.3.11082_152 notwendig SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 10.02.2013 42,9MB 1.5.16.0 notwendig Ski Challenge 13 (DE) 25.03.2013 notwendig Skype Click to Call Skype Technologies S.A. 22.05.2012 10,6MB 5.10.9560 notwendig Skype™ 6.1 Skype Technologies S.A. 10.03.2013 21,1MB 6.1.129 notwendig SmartSound Quicktracks for Premiere Elements 8.0 SmartSound Software Inc 25.11.2010 25,4MB 3.11.3090 unbekannt Studie zur Verbesserung von HP Officejet Pro 8600 Produkten Hewlett-Packard Co. 06.06.2013 8,31MB 28.0.1315.0 unnötig Uhr SoWoSoft 26.01.2013 464KB 1.00.0000 notwendig VAIO - Media Gallery Sony Corporation 25.11.2010 1.3.0.06230 notwendig VAIO - PlayMemories Home Plug-in Sony Corporation 03.02.2013 200MB 2.2.00.18250 unbekannt VAIO - PMB VAIO Edition Guide Sony Corporation 05.07.2011 72,3MB 1.5.00.03020 unbekannt VAIO Care Sony Corporation 27.11.2011 6.4.2.11150 notwendig VAIO Control Center Sony Corporation 25.11.2010 4.3.0.05310 notwendig VAIO Data Restore Tool Sony Corporation 25.11.2010 1.4.0.05240 notwendig VAIO DVD Menu Data Sony Corporation 25.11.2010 3.1.00.16130 notwendig VAIO Gate Sony Corporation 02.02.2012 2.4.1.09230 notwendig VAIO Gate Default Sony Corporation 25.11.2010 2.2.0.07020 notwendig VAIO Media plus Sony Corporation 25.11.2010 2.1.0.18210 notwendig VAIO Media plus Opening Movie Sony Corporation 25.11.2010 2.1.0.13220 notwendig VAIO Movie Story Template Data Sony Corporation 25.11.2010 438MB 3.1.00.16130 notwendig VAIO Sample Contents Sony Corporation 25.11.2010 1.3.0.06041 notwendig VAIO screensaver Sony Europe 13.06.2013 1.0.0.0 notwendig VAIO Smart Network Sony Corporation 25.11.2010 3.3.0.06080 notwendig VAIO Update Sony Corporation 14.06.2013 6.2.1.03260 notwendig VAIO-Handbuch Sony Corporation 25.11.2010 1.1.0.05280 notwendig VAIO-Support für Übertragungen Sony Corporation 25.11.2010 1.2.0.06230 notwendig WIDCOMM Bluetooth Software Broadcom Corporation 25.11.2010 183MB 6.3.0.5600 notwendig Windows Live Essentials Microsoft Corporation 05.04.2012 15.4.3555.0308 notwendig Windows Live Sync Microsoft Corporation 25.11.2010 2,79MB 14.0.8117.416 notwendig Yahoo! Messenger Yahoo! Inc. 13.06.2013 notwendig Yahoo! Software Update 13.06.2013 notwendig Yahoo! Toolbar 13.06.2013 unnötig |
18.06.2013, 16:04 | #10 |
/// Malware-holic | Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" Hi, deinstaliere: Adobe Photoshop Adobe Premiere bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Ask : beide Bing BrowserCompanion Evernote Game GinyasBrowserCompanion Google Toolbar : bitte verzichte auf Toolbars, sind nur ein zusatz Risiko, verlangsamen den Browser. Java(TM) 6 : alle Norton Saal Studie Yahoo! Toolbar Öffne CCleaner, analysieren, starten, PC neustarten Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
18.06.2013, 22:10 | #11 |
| Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 18/06/2013 um 23:02:06 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : Bandick - BANDICK-VAIO # Bootmodus : Normal # Ausgeführt unter : C:\Users\Bandick\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Runner.job Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job Gelöscht mit Neustart : C:\ProgramData\GinyasBrowserCompanion Ordner Gelöscht : C:\Program Files (x86)\Ask.com Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Users\Bandick\AppData\Local\Babylon Ordner Gelöscht : C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf Ordner Gelöscht : C:\Users\Bandick\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Bandick\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Bandick\AppData\Roaming\Mozilla\Firefox\Profiles\bsn6v8jn.default\extensions\bbrs_002@blabbers.com Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\BrowserCompanion Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\BrowserCompanion Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\Software\DeviceVM Schlüssel Gelöscht : HKLM\Software\GinyasBrowserCompanion Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16476 Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?babsrc=NT_ss&mntrId=a0c9eb5600000000000090004ea9f275&tlver=1.4.19.19&ss=1&affID=17395 --> hxxp://www.google.com -\\ Mozilla Firefox v21.0 (de) Datei : C:\Users\Bandick\AppData\Roaming\Mozilla\Firefox\Profiles\bsn6v8jn.default\prefs.js Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com"); -\\ Google Chrome v27.0.1453.110 Datei : C:\Users\Bandick\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [7197 octets] - [18/06/2013 23:02:06] ########## EOF - C:\AdwCleaner[S1].txt - [7257 octets] ########## |
18.06.2013, 22:15 | #12 |
/// Malware-holic | Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" Hi, Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Wenn du denkst, fertig zu sein, klicke auf computer, eigenschaften, prüfe, ob das Servicepack1 (SP1) instaliert ist, wenn fertig, gib bescheid, bzw bei Problemen melden
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
18.06.2013, 22:56 | #13 |
| Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" hab alles erledigt. windows update war aktuell. ob Servicepack SP1 installiert ist, konnte ich nicht herausfinden. wo kann man das noch sehen? |
18.06.2013, 22:58 | #14 |
/// Malware-holic | Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" rechtsklick, computer, eigenschaften
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
18.06.2013, 23:02 | #15 |
| Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" auf "Computer" in Startmenü Rechtsklick? Nach Klicken von Eigenschaften finde ich da nichts zum SP1 |
Themen zu Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen" |
adobe, bho, bingbar, desktop, ebanking, error, explorer, firefox, format, google, heur, heur:exploit.java.cve-2012-1723.gen, home, infizierte, logfile, malware, mozilla, netzwerk, nvidia, officejet, plug-in, programme, realtek, registry, required, rundll, scan, symantec, tastatur, trojaner, virus, windows, winlogon.exe |