| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Systemüberprüfung evtl. VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.06.2013, 20:33
| #1 |
 |  Systemüberprüfung evtl. Virus Hallo, ich habe hier ein Compaq Presario CQ71 also schon ein wenig in die Tage gekommenes Model von meinem Vater hier stehen der sich nicht besonders gut damit auskennt. der Lappi hat nach Downloads den WLan Treiber rausgeworfen und findet diesen nicht mehr es sind einige toolbars installiert die sich eigenständig wieder nach einer deinstallation installieren und irgend so ein tune programm das man kaufen soll das bei jedem start automatisch durchläuft. es gibt keine CD oder sonstiges ist ein Recovery System aber auch hier haben wir keine CD davon. Ich möchte nun eine System überrüfung durchführen und die registry bereinigen. weiß nicht wie ich vorgehen soll und benötige hilfe das der wieder störungsfrei läuft. |
|
13.06.2013, 21:46
| #2 |
| /// Malware-holic   | Systemüberprüfung evtl. Virus hi
__________________schau mal ob das klappt, wenn nich neustarten und im abgesicherten modus die logs bzw programme hin und her kopieren, abges ,pdis ost bei neustart via f8 zu erreichen. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
14.06.2013, 17:24
| #3 |
| | Systemüberprüfung evtl. Virus txt otl
__________________Code:
ATTFilter OTL logfile created on: 14.06.2013 17:27:23 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gerhard\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 65,50% Memory free 7,81 Gb Paging File | 6,26 Gb Available in Paging File | 80,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453,04 Gb Total Space | 248,79 Gb Free Space | 54,92% Space Free | Partition Type: NTFS Drive D: | 12,52 Gb Total Space | 2,08 Gb Free Space | 16,64% Space Free | Partition Type: NTFS Computer Name: LABTOP | User Name: Gerhard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.14 17:24:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gerhard\Desktop\OTL.exe PRC - [2013.06.07 10:59:54 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe PRC - [2013.06.07 10:59:54 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe PRC - [2013.06.06 08:17:28 | 002,715,176 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.12.05 14:22:38 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012.05.05 19:14:47 | 004,701,120 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2012.03.20 14:08:50 | 000,069,632 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe PRC - [2012.03.20 14:08:30 | 000,008,704 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe PRC - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2010.04.03 01:27:32 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009.01.30 00:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe ========== Modules (No Company Name) ========== MOD - [2013.06.13 19:55:58 | 017,965,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a7f572c13f2f8ba3faf7cc2025e78bf3\PresentationFramework.ni.dll MOD - [2013.06.13 19:55:35 | 011,403,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\43193cce8a3ff46aeb98d407aaa6632a\PresentationCore.ni.dll MOD - [2013.06.13 19:55:23 | 003,842,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a84c2e8113b5a372c6bc86d2557540bb\WindowsBase.ni.dll MOD - [2013.06.13 19:28:24 | 006,760,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\57eebf4fcfd7e2ec84feadd61df89e5b\System.Data.ni.dll MOD - [2013.06.13 19:28:14 | 007,030,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7d25d3d995ec9ddda115a92e6f49f822\System.Core.ni.dll MOD - [2013.06.13 19:28:14 | 005,577,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a97e5233faff4a524ac95c2db60f542b\System.Xml.ni.dll MOD - [2013.06.13 19:28:09 | 000,977,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f2a789d8beed74cfaf7d9e598b0e002\System.Configuration.ni.dll MOD - [2013.06.13 19:28:05 | 013,179,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\671146421e8acb9c75fac007c03b85ad\System.Windows.Forms.ni.dll MOD - [2013.06.13 19:27:54 | 001,664,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7ee8f50a44a88e61762011039a43ee4d\System.Drawing.ni.dll MOD - [2013.06.13 19:27:50 | 009,033,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cbc1a8d10cbedc6579cefc6b22c3a10\System.ni.dll MOD - [2013.06.13 19:27:41 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b3b0fe07ee30471c9740485981250152\mscorlib.ni.dll MOD - [2013.05.15 08:55:15 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll MOD - [2013.05.15 08:54:18 | 000,644,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\7a7006564c7d5d3bd2fff91c651f4d68\Vodafone.Data.ni.dll MOD - [2013.05.15 08:54:18 | 000,177,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\ccc6c1d07da6f7b99c496b800927a57e\Vodafone.Common.ni.dll MOD - [2013.05.15 08:49:20 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.15 08:49:06 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll MOD - [2013.05.15 08:48:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.15 08:48:43 | 000,687,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\23673bbebe3c0ca7c894e614bb3ffd1a\System.Security.ni.dll MOD - [2013.05.15 08:48:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.03.28 20:17:19 | 000,218,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\3b21f0b55f7c0dc1fe2295613c3cb921\Interop.FNCClient11Lib.ni.dll MOD - [2013.03.28 20:17:18 | 000,198,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Conn#\498f810fb1b2f2bc8dcd283d3a5b237c\Vodafone.Model.Connection.ni.dll MOD - [2013.03.28 20:17:18 | 000,050,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.UpdateMana#\ceafd0efdd035a69d91e5293a9050334\Vodafone.UpdateManager.ni.dll MOD - [2013.03.28 20:17:16 | 000,542,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Secon#\4e3463fd2bbbeb9256e5fdb2d5f52309\Vodafone.View.SecondaryWindows.ni.dll MOD - [2013.03.28 20:17:14 | 000,081,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Remot#\4842322586980e2aa662b7b1e88c7e11\Vodafone.Core.Remoting.ni.dll MOD - [2013.03.28 20:17:13 | 000,544,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\badb7308337bf7e4916b97fc5fab14e4\Vodafone.Base.Internals.ni.dll MOD - [2013.03.28 20:17:11 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\ef5c16d705265f3e1efda0e658d4fae6\Vodafone.Base.Factory.ni.dll MOD - [2013.03.28 20:17:10 | 000,302,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\78fd63281a3894fad4b847d5b37ec2ac\Vodafone.DeviceAccess.Internals.ni.dll MOD - [2013.03.28 20:17:10 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\c35bd15dc0b6e6d6fa60b925a4542c1a\Vodafone.DeviceAccess.Interfaces.ni.dll MOD - [2013.03.28 20:17:09 | 000,136,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\77db3555a86b9fa682686be458737bf7\Vodafone.DeviceAccess.Factory.ni.dll MOD - [2013.03.28 20:17:08 | 000,070,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.VpnApiLib\db3ad96a4eabdaf8c6d3621dfbef2379\Interop.VpnApiLib.ni.dll MOD - [2013.03.28 20:17:08 | 000,022,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.INSTALLERCO#\f52d12a80cd22baf114cbe6c178ea653\Interop.INSTALLERCONTROLLib.ni.dll MOD - [2013.03.28 20:17:07 | 000,031,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FCCOMINTDLL#\d22f87b0c2a72cb67b2171f9ae12c46c\Interop.FCCOMINTDLLLib.ni.dll MOD - [2013.03.28 20:17:06 | 000,125,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Vpn\6653c516cf79030823afb794d6dde501\Vodafone.Vpn.ni.dll MOD - [2013.03.28 20:17:05 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LanWlanMan#\060c0ac8d4a84bc5233a7773f45064b4\Vodafone.LanWlanManager.ni.dll MOD - [2013.03.28 20:17:04 | 001,125,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.BusinessLo#\dd237c12e95b0181e4babc764b00fa87\Vodafone.BusinessLogic.ni.dll MOD - [2013.03.28 20:17:01 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.CoreI#\4764415b160349e224381abcf909ff8b\Vodafone.Core.CoreInstanceProvider.ni.dll MOD - [2013.03.28 20:17:01 | 000,041,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\0689c3c6ac3ea81d940c65afd8b4ecb4\Vodafone.Contracts.Adapter.ni.dll MOD - [2013.03.28 20:16:59 | 000,037,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Inter#\cf1b7fc71fb53371ec391991c805dde9\Vodafone.Core.Interfaces.ni.dll MOD - [2013.03.28 20:16:59 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.OutlookCon#\85393d8e6f700dd1f061b2040dba5bbc\Vodafone.OutlookConnector.ni.dll MOD - [2013.03.28 20:16:57 | 000,353,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.ReportingM#\263e08b0b299c349d06cb0638e921045\Vodafone.ReportingManager.ni.dll MOD - [2013.03.28 20:16:55 | 000,193,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsContact#\20c2dcf386a08f64041005525342a067\Vodafone.SmsContactManager.ni.dll MOD - [2013.03.28 20:16:53 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Common.Logging\0c5008375abad2d7074f91953acd7158\Common.Logging.ni.dll MOD - [2013.03.28 20:16:52 | 002,104,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Spring.Core\4a69d3bfa1111bcd9328e15165ee78ad\Spring.Core.ni.dll MOD - [2013.03.28 20:16:48 | 000,042,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.InstancePr#\f803724c450d42cb1d36346bd3d0ef8e\Vodafone.InstanceProvider.Impl.ni.dll MOD - [2013.03.28 20:16:46 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Manag#\8affa779c99360666e2ff34dd6200af6\Vodafone.View.ManagedToolTip.ni.dll MOD - [2013.03.28 20:16:45 | 000,035,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\320b44967a9659206b4c119dcd92426f\Vodafone.Contracts.Presenter.ni.dll MOD - [2013.03.28 20:16:41 | 001,304,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\f4ca72c3d9638d73b47c35ca730b0381\Infragistics2.Win.UltraWinEditors.v9.2.ni.dll MOD - [2013.03.28 20:16:39 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\75298ac9b1442d682eb275e0af55c54a\Infragistics2.Win.Misc.v9.2.ni.dll MOD - [2013.03.28 20:16:33 | 011,055,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\b100ea9c0606c9e1f265c1f610c3ca88\Infragistics2.Win.v9.2.ni.dll MOD - [2013.03.28 20:16:16 | 000,871,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\1ebe24369c92a181b263b1426fce18f2\Infragistics2.Shared.v9.2.ni.dll MOD - [2013.03.28 20:16:11 | 007,140,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\1bd47dc0e94ca0b2e7834b697cef6d59\Infragistics2.Win.UltraWinToolbars.v9.2.ni.dll MOD - [2013.03.28 20:16:01 | 000,125,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Contr#\40d9b4fd9aa5185380728e8e25fead3d\Vodafone.Core.Contracts.ni.dll MOD - [2013.03.28 20:16:00 | 000,133,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\37f784df34babce5ddcdc7936b093a9f\Vodafone.Contracts.Model.ni.dll MOD - [2013.03.28 20:15:58 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\4f06cf3bc06b386432fb3d22811c5c85\Vodafone.Contracts.Common.ni.dll MOD - [2013.03.28 20:15:58 | 000,091,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\97620001ca244e1a1883348509a0f979\Vodafone.DeviceAccess.Contracts.ni.dll MOD - [2013.03.28 20:15:56 | 000,104,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\ac9cc773167d821f9b2ad35d5f78f506\Vodafone.Contracts.View.ni.dll MOD - [2013.03.28 20:15:55 | 000,966,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Shared\8c1e9acd7d06f03da6020674841333b7\Vodafone.View.Shared.ni.dll MOD - [2013.03.28 20:15:53 | 000,386,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.CommonDial#\98b06a0470661c0ca7f27268291df700\Vodafone.CommonDialogs.ni.dll MOD - [2013.03.28 20:15:51 | 000,963,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Applicatio#\7f7972527318c23593853e0e32f9f400\Vodafone.ApplicationHost.Impl.ni.dll MOD - [2013.03.28 20:15:48 | 000,080,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\36e387b90a491ecb46ada06a083095b8\Vodafone.SmsProfileManager.ni.dll MOD - [2013.03.28 20:15:48 | 000,059,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\ac758964260e310e9daccc00378d2cc3\Vodafone.SettingsManager.ni.dll MOD - [2013.03.28 20:15:47 | 000,363,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\0c70025aa442a7fc103d6ff8b16f5f60\Vodafone.DataAccessor.ni.dll MOD - [2013.03.28 20:15:47 | 000,119,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\d65e3892ff3bfd90b6b37f7ef0c8761c\Interop.Shell32.ni.dll MOD - [2013.03.28 20:15:45 | 002,035,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\09bac272a8e4df4cf5d05f068727c29e\MobileBroadbandResources.ni.dll MOD - [2013.03.28 20:15:44 | 000,357,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\60002c018d20905664e6960de36ba224\Vodafone.Base.Win32.ni.dll MOD - [2013.03.28 20:15:44 | 000,022,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Mondrian\b22412ccf92415424f7ed3f0b863e173\Vodafone.Mondrian.ni.dll MOD - [2013.03.28 20:15:43 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\556853b3c47beaf7c0bba81fffeb9d97\Vodafone.Base.Contracts.ni.dll MOD - [2013.03.28 20:15:43 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\f2a56f70c738d6761b0227e626687aea\Vodafone.MobileBroadband.CallbackHandler.ni.dll MOD - [2013.03.28 20:15:41 | 001,418,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\c5618f40d80c1529f9f79c2005435a0e\Vodafone.Platform.ni.dll MOD - [2013.03.28 20:15:38 | 000,101,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\afd43e26657df3ed79a0a9523dc24808\Vodafone.LogEngine.ni.dll MOD - [2013.03.28 20:15:37 | 000,057,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileBroadband\8f36041b15493523ede18ec2f817b86a\MobileBroadband.ni.exe MOD - [2013.02.14 08:54:35 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll MOD - [2013.01.10 12:56:44 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.01.10 12:53:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 12:53:19 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll MOD - [2013.01.10 12:53:18 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll MOD - [2013.01.10 12:52:42 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 12:52:40 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013.01.10 12:52:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 12:52:15 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 12:52:03 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.03.20 14:08:46 | 000,396,800 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll MOD - [2009.06.17 11:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2009.06.17 11:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2009.06.17 11:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.22 03:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.03.02 23:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters) SRV - [2013.06.12 15:16:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.06 08:17:28 | 002,715,176 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe -- (SProtection) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.09.27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2012.03.20 14:08:30 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.07.22 03:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.02 23:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters) SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.08.20 12:48:22 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP) DRV:64bit: - [2012.08.20 12:48:22 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap) DRV:64bit: - [2012.03.16 15:55:26 | 000,227,840 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm) DRV:64bit: - [2012.03.16 15:55:26 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:64bit: - [2012.03.16 15:55:26 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2012.03.16 15:55:26 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:64bit: - [2012.03.16 15:55:24 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.16 13:02:21 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2010.11.23 11:45:55 | 000,040,616 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.09.14 15:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.03.04 21:00:20 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2009.07.25 03:22:18 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.22 03:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.24 21:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 14:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:64bit: - [2009.05.22 16:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.04.29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2010.09.14 15:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B1E2DA6F-80F2-4481-BF9B-27FDA9B8B6C0} IE:64bit: - HKLM\..\SearchScopes\{1276CCB3-169D-4E6A-8AA7-245C91B39EE0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE:64bit: - HKLM\..\SearchScopes\{A6AEB138-D263-484A-8A11-D0DC14A16F0F}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{B1E2DA6F-80F2-4481-BF9B-27FDA9B8B6C0}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {3efefe31-d81e-4bd7-918f-d588cb409f39} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {217E150D-878F-4281-BF0B-1D5E0CE10C3F} IE - HKLM\..\SearchScopes\{1276CCB3-169D-4E6A-8AA7-245C91B39EE0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{A6AEB138-D263-484A-8A11-D0DC14A16F0F}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{B1E2DA6F-80F2-4481-BF9B-27FDA9B8B6C0}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=06AB0CEEE69D3510 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {3efefe31-d81e-4bd7-918f-d588cb409f39} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {217E150D-878F-4281-BF0B-1D5E0CE10C3F} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.holasearch.com/?q={searchTerms}&affID=121962&babsrc=SP_ss&mntrId=06AB0CEEE69D3510 IE - HKCU\..\SearchScopes\{1276CCB3-169D-4E6A-8AA7-245C91B39EE0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\..\SearchScopes\{217E150D-878F-4281-BF0B-1D5E0CE10C3F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282494&CUI=UN23694838691444047&UM=1 IE - HKCU\..\SearchScopes\{23EA8AC5-A42E-4A60-BC95-7D2B82C7CA78}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=D5C973A0-795E-4EC7-8C2E-AD86BCBF901A&apn_sauid=D717E538-DAC9-4EEA-A03A-44C0C76B572E IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{A6AEB138-D263-484A-8A11-D0DC14A16F0F}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\..\SearchScopes\{B1E2DA6F-80F2-4481-BF9B-27FDA9B8B6C0}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Gerhard\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gerhard\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gerhard\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) [2013.02.19 16:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerhard\AppData\Roaming\mozilla\Extensions [2013.02.19 16:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerhard\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.06.13 14:47:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=D5C973A0-795E-4EC7-8C2E-AD86BCBF901A&apn_ptnrs=U3&apn_sauid=D717E538-DAC9-4EEA-A03A-44C0C76B572E&apn_dtid=OSJ000YYDE&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} CHR - homepage: hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=06AB0CEEE69D3510 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Gerhard\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gerhard\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gerhard\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Gerhard\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Gerhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Gerhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: avast! Online Security = C:\Users\Gerhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Gerhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\ CHR - Extension: Google Mail = C:\Users\Gerhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2 - BHO: (NCH_DE Toolbar) - {3efefe31-d81e-4bd7-918f-d588cb409f39} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (NCH_DE Toolbar) - {3efefe31-d81e-4bd7-918f-d588cb409f39} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (NCH_DE Toolbar) - {3EFEFE31-D81E-4BD7-918F-D588CB409F39} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW File not found O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FB07AD4-1CC7-4527-916B-E0D7D1376944}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{404369CD-61E2-405C-994B-537460E0DB44}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{c98e2ae2-97d2-11e2-acb2-00269e632596}\Shell - "" = AutoRun O33 - MountPoints2\{c98e2ae2-97d2-11e2-acb2-00269e632596}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.06.14 17:24:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gerhard\Desktop\OTL.exe [2013.06.13 15:17:56 | 000,000,000 | ---D | C] -- C:\Users\Gerhard\AppData\Roaming\Iminent [2013.06.13 15:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent [2013.06.13 14:56:24 | 000,000,000 | ---D | C] -- C:\60059b2d24c08fa54c [2013.06.13 14:48:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.06.13 14:48:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.06.13 14:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.13 14:47:35 | 000,000,000 | ---D | C] -- C:\Users\Gerhard\AppData\Roaming\PerformerSoft [2013.06.13 14:47:27 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2013.06.13 14:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer [2013.06.13 14:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService [2013.06.13 14:47:22 | 000,000,000 | ---D | C] -- C:\Users\Gerhard\AppData\Roaming\File Scout [2013.06.13 14:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Performer [2013.06.13 14:47:08 | 000,000,000 | ---D | C] -- C:\Users\Gerhard\AppData\Roaming\Babylon [2013.06.13 14:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.06.13 14:46:46 | 000,000,000 | ---D | C] -- C:\Users\Gerhard\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl [2013.06.13 14:46:44 | 000,000,000 | ---D | C] -- C:\7068c354e53e5f026c [2013.06.13 14:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent [2013.06.13 14:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella [2013.06.13 14:46:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent [2013.06.13 14:27:40 | 170,172,360 | ---- | C] (Sony Creative Software Inc.) -- C:\Users\Gerhard\Desktop\soundforgepro10.exe [2013.06.13 14:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2013.06.13 14:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH_DE [2013.06.13 14:19:42 | 000,000,000 | ---D | C] -- C:\Users\Gerhard\AppData\Local\Conduit [2013.06.13 14:19:08 | 000,000,000 | ---D | C] -- C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette [2013.06.13 14:19:07 | 000,000,000 | ---D | C] -- C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme [2013.06.13 14:19:06 | 000,000,000 | ---D | C] -- C:\Users\Gerhard\Documents\Mixpad Projects [2013.06.13 14:19:00 | 000,000,000 | ---D | C] -- C:\Users\Gerhard\AppData\Roaming\NCH Software [2013.06.13 14:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software [2013.06.13 14:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette [2013.06.13 14:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme [2013.06.13 14:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software [2013.06.13 14:16:44 | 000,000,000 | ---D | C] -- C:\Users\Gerhard\AppData\Roaming\Sony [2013.06.11 15:52:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO [2013.06.11 15:52:53 | 000,439,808 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll [2013.06.11 15:52:53 | 000,060,416 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll [2013.06.11 09:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy [2013.06.11 09:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\simfy [2013.05.28 09:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2013.05.28 09:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2010.03.04 21:00:20 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Gerhard\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2013.06.14 17:24:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gerhard\Desktop\OTL.exe [2013.06.14 17:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.14 17:11:50 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.14 17:11:50 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.14 17:11:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-139721644-1476678736-2208258675-1001UA.job [2013.06.14 16:53:36 | 000,000,292 | ---- | M] () -- C:\ProgramData\hpqp.ini [2013.06.14 16:52:46 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.14 16:52:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.14 16:52:23 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys [2013.06.13 19:53:29 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.13 19:53:29 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.13 19:53:29 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.13 19:53:29 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.13 19:53:29 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.13 19:50:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.13 17:30:46 | 000,000,635 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.06.13 17:29:36 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\PC Performer_UPDATES.job [2013.06.13 17:29:36 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2013.06.13 14:40:57 | 170,172,360 | ---- | M] (Sony Creative Software Inc.) -- C:\Users\Gerhard\Desktop\soundforgepro10.exe [2013.06.13 14:20:03 | 000,000,009 | ---- | M] () -- C:\END [2013.06.13 14:19:06 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\MixPad Audiodatei-Mixer.lnk [2013.06.13 14:18:44 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\WavePad Audio-Editor.lnk [2013.06.12 10:11:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-139721644-1476678736-2208258675-1001Core.job [2013.06.07 09:17:08 | 000,002,372 | ---- | M] () -- C:\Users\Gerhard\Desktop\Google Chrome.lnk [2013.05.28 21:26:47 | 000,004,608 | ---- | M] () -- C:\Users\Gerhard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.28 09:04:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt ========== Files Created - No Company Name ========== [2013.06.13 17:30:36 | 000,000,635 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.06.13 14:47:55 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2013.06.13 14:47:47 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\PC Performer_UPDATES.job [2013.06.13 14:19:12 | 000,000,009 | ---- | C] () -- C:\END [2013.06.13 14:19:06 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Audiodatei-Mixer.lnk [2013.06.13 14:19:06 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\MixPad Audiodatei-Mixer.lnk [2013.06.13 14:18:44 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Audio-Editor.lnk [2013.06.13 14:18:44 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\WavePad Audio-Editor.lnk [2013.05.28 21:26:45 | 000,004,608 | ---- | C] () -- C:\Users\Gerhard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.11 15:05:46 | 000,000,032 | ---- | C] () -- C:\Users\Gerhard\.simfy [2012.03.20 19:42:48 | 000,001,057 | ---- | C] () -- C:\Users\Gerhard\AppData\Roaming\vso_ts_preview.xml [2012.03.16 15:55:44 | 000,286,678 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2011.05.31 12:47:07 | 000,000,355 | ---- | C] () -- C:\Users\Gerhard\Computer - Verknüpfung.lnk [2011.05.30 18:19:39 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.03.08 16:10:40 | 000,001,854 | ---- | C] () -- C:\Users\Gerhard\AppData\Roaming\GhostObjGAFix.xml [2010.03.04 21:00:20 | 000,099,384 | ---- | C] () -- C:\Users\Gerhard\AppData\Roaming\inst.exe [2010.03.04 21:00:20 | 000,007,859 | ---- | C] () -- C:\Users\Gerhard\AppData\Roaming\pcouffin.cat [2010.03.04 21:00:20 | 000,001,167 | ---- | C] () -- C:\Users\Gerhard\AppData\Roaming\pcouffin.inf [2010.01.28 12:00:01 | 000,000,804 | ---- | C] () -- C:\Users\Gerhard\AppData\Roaming\wklnhst.dat [2009.09.25 01:51:53 | 000,000,292 | ---- | C] () -- C:\ProgramData\hpqp.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.13 14:47:08 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\Babylon [2012.03.29 12:06:25 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\biu software [2010.08.07 09:40:53 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\concept design [2013.02.25 16:23:05 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\DVDVideoSoft [2012.04.30 19:12:03 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\DVDVideoSoftIEHelpers [2010.02.16 14:50:17 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\EA [2012.02.04 18:19:16 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\Epson [2013.06.13 14:47:23 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\File Scout [2010.01.28 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\Gamelab [2013.06.13 21:13:14 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl [2013.06.13 15:17:56 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\Iminent [2012.02.25 15:41:59 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\MAGIX [2012.03.09 11:25:21 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\muvee Technologies [2013.06.13 14:47:35 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\PerformerSoft [2010.11.14 12:08:14 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\PlayFirst [2012.11.11 15:05:45 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\Simfy [2013.06.13 14:16:44 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\Sony [2011.12.27 16:01:21 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\streamWriter [2010.01.28 20:54:48 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\Template [2011.11.25 14:56:08 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\Tobit [2013.02.19 16:44:00 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\TomTom [2013.03.28 20:16:24 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\Vodafone [2012.11.13 12:08:29 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\Vso [2012.05.18 07:33:23 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\WildTangent [2011.10.18 08:55:58 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\Windows Live Writer [2010.01.28 11:23:08 | 000,000,000 | ---D | M] -- C:\Users\Gerhard\AppData\Roaming\_MDLogs ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.08.05 23:28:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.06.13 17:28:22 | 000,000,000 | ---D | M] -- C:\60059b2d24c08fa54c [2013.06.13 17:28:23 | 000,000,000 | ---D | M] -- C:\7068c354e53e5f026c [2009.08.20 03:32:59 | 000,000,000 | -HSD | M] -- C:\boot [2011.06.01 11:21:56 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.01.28 10:38:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.06.13 19:08:10 | 000,000,000 | ---D | M] -- C:\Firefox [2009.09.25 01:57:01 | 000,000,000 | -H-D | M] -- C:\HP [2011.02.04 14:02:14 | 000,000,000 | ---D | M] -- C:\Intel [2009.08.19 15:20:54 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2010.12.05 08:30:11 | 000,000,000 | ---D | M] -- C:\phenomedia [2010.12.05 08:36:46 | 000,000,000 | ---D | M] -- C:\Phenomedia AG [2013.05.28 09:10:13 | 000,000,000 | R--D | M] -- C:\Program Files [2013.06.13 19:11:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2013.06.14 16:53:14 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.01.28 10:38:19 | 000,000,000 | -HSD | M] -- C:\Programme [2010.01.28 10:39:08 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.06.11 15:52:03 | 000,000,000 | ---D | M] -- C:\SwSetup [2013.06.14 17:32:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.01.28 10:39:17 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV [2010.12.04 23:41:45 | 000,000,000 | ---D | M] -- C:\UnrealTournament [2010.01.28 10:38:32 | 000,000,000 | R--D | M] -- C:\Users [2013.06.13 17:29:12 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.06.09 15:56:49 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.06.09 15:56:50 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.03.29 14:08:10 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139721644-1476678736-2208258675-1001Core.job [2012.03.29 14:08:11 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139721644-1476678736-2208258675-1001UA.job [2012.04.28 15:51:28 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013.06.13 14:47:47 | 000,000,288 | ---- | C] () -- C:\Windows\Tasks\PC Performer_UPDATES.job [2013.06.13 14:47:55 | 000,000,280 | ---- | C] () -- C:\Windows\Tasks\PC Performer_DEFAULT.job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2013.04.21 12:15:55 | 000,051,928 | ---- | M] () MD5=E887F98CD5B28446E6D51A88336F68C8 -- C:\Windows\Temp\73166b69-203e-488d-8c76-5bc40a5b0efe\explorer.exe [2013.04.21 12:17:18 | 000,051,928 | ---- | M] () MD5=E887F98CD5B28446E6D51A88336F68C8 -- C:\Windows\Temp\8e2282cf-9f75-47ea-a9e1-4ab0146e4a3a\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [2013.04.21 12:17:16 | 000,051,928 | ---- | M] () MD5=E887F98CD5B28446E6D51A88336F68C8 -- C:\Windows\Temp\7e3fd059-0004-4dcd-99d1-5348ebdd1bba\winlogon.exe [2013.04.21 12:15:52 | 000,051,928 | ---- | M] () MD5=E887F98CD5B28446E6D51A88336F68C8 -- C:\Windows\Temp\d3121e13-683e-4cf4-9061-1aea7a3a1654\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2013.05.17 03:25:26 | 013,760,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll < %USERPROFILE%\*.* > [2012.11.11 15:05:46 | 000,000,032 | ---- | M] () -- C:\Users\Gerhard\.simfy [2011.05.31 12:47:07 | 000,000,355 | ---- | M] () -- C:\Users\Gerhard\Computer - Verknüpfung.lnk [2013.06.14 18:04:22 | 004,718,592 | -HS- | M] () -- C:\Users\Gerhard\ntuser.dat [2013.06.14 18:04:22 | 000,262,144 | -HS- | M] () -- C:\Users\Gerhard\ntuser.dat.LOG1 [2010.01.28 10:38:35 | 000,000,000 | -HS- | M] () -- C:\Users\Gerhard\ntuser.dat.LOG2 [2010.01.28 17:23:52 | 000,065,536 | -HS- | M] () -- C:\Users\Gerhard\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.01.28 17:23:52 | 000,524,288 | -HS- | M] () -- C:\Users\Gerhard\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.01.28 17:23:52 | 000,524,288 | -HS- | M] () -- C:\Users\Gerhard\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2013.06.13 19:14:27 | 000,065,536 | -HS- | M] () -- C:\Users\Gerhard\ntuser.dat{5df64b24-d420-11e2-8818-00269e632596}.TM.blf [2013.06.13 19:14:27 | 000,524,288 | -HS- | M] () -- C:\Users\Gerhard\ntuser.dat{5df64b24-d420-11e2-8818-00269e632596}.TMContainer00000000000000000001.regtrans-ms [2013.06.13 19:14:27 | 000,524,288 | -HS- | M] () -- C:\Users\Gerhard\ntuser.dat{5df64b24-d420-11e2-8818-00269e632596}.TMContainer00000000000000000002.regtrans-ms [2010.08.14 12:14:54 | 000,065,536 | -HS- | M] () -- C:\Users\Gerhard\ntuser.dat{d36383e4-a78a-11df-b815-00269e632596}.TM.blf [2010.08.14 12:14:54 | 000,524,288 | -HS- | M] () -- C:\Users\Gerhard\ntuser.dat{d36383e4-a78a-11df-b815-00269e632596}.TMContainer00000000000000000001.regtrans-ms [2010.08.14 12:14:54 | 000,524,288 | -HS- | M] () -- C:\Users\Gerhard\ntuser.dat{d36383e4-a78a-11df-b815-00269e632596}.TMContainer00000000000000000002.regtrans-ms [2010.12.10 09:04:01 | 000,065,536 | -HS- | M] () -- C:\Users\Gerhard\ntuser.dat{ea5b0d04-042a-11e0-af66-00269e632596}.TM.blf [2010.12.10 09:04:01 | 000,524,288 | -HS- | M] () -- C:\Users\Gerhard\ntuser.dat{ea5b0d04-042a-11e0-af66-00269e632596}.TMContainer00000000000000000001.regtrans-ms [2010.12.10 09:04:01 | 000,524,288 | -HS- | M] () -- C:\Users\Gerhard\ntuser.dat{ea5b0d04-042a-11e0-af66-00269e632596}.TMContainer00000000000000000002.regtrans-ms [2010.01.28 10:38:35 | 000,000,020 | -HS- | M] () -- C:\Users\Gerhard\ntuser.ini [2010.10.23 10:24:08 | 000,000,000 | ---- | M] () -- C:\Users\Gerhard\Sti_Trace.log < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:302A9871 < End of report > |
|
14.06.2013, 17:50
| #4 |
| /// Malware-holic | Systemüberprüfung evtl. Virus Hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet Geändert von markusg (14.06.2013 um 18:00 Uhr) |
|
15.06.2013, 06:55
| #5 |
| | Systemüberprüfung evtl. Virus hier die gewünschte Log Datei Code:
ATTFilter 07:50:04.0165 3188 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:50:04.0459 3188 ============================================================
07:50:04.0459 3188 Current date / time: 2013/06/15 07:50:04.0459
07:50:04.0459 3188 SystemInfo:
07:50:04.0459 3188
07:50:04.0459 3188 OS Version: 6.1.7601 ServicePack: 1.0
07:50:04.0459 3188 Product type: Workstation
07:50:04.0459 3188 ComputerName: LABTOP
07:50:04.0460 3188 UserName: Gerhard
07:50:04.0460 3188 Windows directory: C:\Windows
07:50:04.0460 3188 System windows directory: C:\Windows
07:50:04.0460 3188 Running under WOW64
07:50:04.0460 3188 Processor architecture: Intel x64
07:50:04.0460 3188 Number of processors: 2
07:50:04.0460 3188 Page size: 0x1000
07:50:04.0460 3188 Boot type: Normal boot
07:50:04.0460 3188 ============================================================
07:50:17.0229 3188 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:50:17.0276 3188 ============================================================
07:50:17.0276 3188 \Device\Harddisk0\DR0:
07:50:17.0276 3188 MBR partitions:
07:50:17.0291 3188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
07:50:17.0291 3188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38A17000
07:50:17.0291 3188 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38A7B000, BlocksNum 0x190A800
07:50:17.0291 3188 ============================================================
07:50:17.0338 3188 C: <-> \Device\Harddisk0\DR0\Partition2
07:50:19.0194 3188 D: <-> \Device\Harddisk0\DR0\Partition3
07:50:19.0194 3188 ============================================================
07:50:19.0194 3188 Initialize success
07:50:19.0194 3188 ============================================================
07:50:23.0999 5092 ============================================================
07:50:23.0999 5092 Scan started
07:50:23.0999 5092 Mode: Manual;
07:50:23.0999 5092 ============================================================
07:50:45.0714 5092 ================ Scan system memory ========================
07:50:45.0714 5092 System memory - ok
07:50:45.0714 5092 ================ Scan services =============================
07:50:49.0115 5092 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:50:49.0271 5092 1394ohci - ok
07:50:49.0552 5092 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:50:49.0568 5092 ACPI - ok
07:50:49.0817 5092 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
07:50:49.0833 5092 AcpiPmi - ok
07:50:50.0800 5092 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:50:50.0894 5092 AdobeARMservice - ok
07:50:53.0889 5092 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:50:53.0889 5092 AdobeFlashPlayerUpdateSvc - ok
07:50:54.0060 5092 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
07:50:54.0092 5092 adp94xx - ok
07:50:54.0185 5092 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
07:50:54.0201 5092 adpahci - ok
07:50:54.0294 5092 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
07:50:54.0294 5092 adpu320 - ok
07:50:54.0622 5092 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:50:54.0622 5092 AeLookupSvc - ok
07:50:55.0652 5092 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
07:50:55.0652 5092 AESTFilters - ok
07:50:55.0948 5092 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
07:50:56.0010 5092 AFD - ok
07:50:56.0291 5092 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
07:50:56.0354 5092 AgereSoftModem - ok
07:50:56.0650 5092 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
07:50:56.0666 5092 agp440 - ok
07:50:57.0102 5092 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
07:50:57.0102 5092 ALG - ok
07:50:57.0274 5092 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
07:50:57.0290 5092 aliide - ok
07:50:57.0305 5092 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
07:50:57.0305 5092 amdide - ok
07:50:57.0414 5092 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
07:50:57.0430 5092 AmdK8 - ok
07:50:57.0492 5092 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
07:50:57.0492 5092 AmdPPM - ok
07:50:57.0633 5092 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:50:57.0648 5092 amdsata - ok
07:50:57.0789 5092 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
07:50:57.0804 5092 amdsbs - ok
07:50:57.0882 5092 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:50:57.0882 5092 amdxata - ok
07:50:58.0148 5092 [ AA10A90AF32BA0682820A51FBC4ACE90 ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
07:50:58.0148 5092 AnyDVD - ok
07:50:58.0506 5092 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
07:50:58.0506 5092 AppID - ok
07:50:58.0694 5092 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:50:58.0709 5092 AppIDSvc - ok
07:50:58.0943 5092 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
07:50:58.0943 5092 Appinfo - ok
07:50:59.0630 5092 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
07:50:59.0630 5092 arc - ok
07:50:59.0895 5092 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
07:50:59.0895 5092 arcsas - ok
07:51:00.0051 5092 [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
07:51:00.0051 5092 aswFsBlk - ok
07:51:00.0285 5092 [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
07:51:00.0285 5092 aswMonFlt - ok
07:51:00.0378 5092 [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
07:51:00.0394 5092 aswRdr - ok
07:51:00.0675 5092 [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
07:51:00.0675 5092 aswRvrt - ok
07:51:00.0878 5092 [ 10ED1CAB84AA65983C41A11F60294C9B ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
07:51:00.0893 5092 aswSnx - ok
07:51:00.0971 5092 [ 00E5253353717D3CA12A0F5A6F9991EC ] aswSP C:\Windows\system32\drivers\aswSP.sys
07:51:00.0971 5092 aswSP - ok
07:51:01.0080 5092 [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
07:51:01.0080 5092 aswTdi - ok
07:51:01.0221 5092 [ 6359B99C955DB9F40B653159A0EED261 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
07:51:01.0236 5092 aswVmm - ok
07:51:01.0314 5092 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:51:01.0314 5092 AsyncMac - ok
07:51:01.0361 5092 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
07:51:01.0361 5092 atapi - ok
07:51:01.0782 5092 [ 5D4529AC4156E16BEDB01441AE0CF984 ] athr C:\Windows\system32\DRIVERS\athrx.sys
07:51:01.0923 5092 athr - ok
07:51:02.0048 5092 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:51:02.0063 5092 AudioEndpointBuilder - ok
07:51:02.0110 5092 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
07:51:02.0110 5092 AudioSrv - ok
07:51:02.0344 5092 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
07:51:02.0344 5092 avast! Antivirus - ok
07:51:02.0547 5092 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:51:02.0562 5092 AxInstSV - ok
07:51:02.0718 5092 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
07:51:02.0781 5092 b06bdrv - ok
07:51:03.0077 5092 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
07:51:03.0077 5092 b57nd60a - ok
07:51:03.0311 5092 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
07:51:03.0358 5092 BDESVC - ok
07:51:03.0545 5092 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
07:51:03.0545 5092 Beep - ok
07:51:03.0857 5092 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
07:51:03.0982 5092 BFE - ok
07:51:04.0434 5092 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
07:51:04.0918 5092 BITS - ok
07:51:05.0012 5092 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
07:51:05.0027 5092 blbdrive - ok
07:51:05.0230 5092 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:51:05.0246 5092 bowser - ok
07:51:05.0277 5092 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:51:05.0277 5092 BrFiltLo - ok
07:51:05.0370 5092 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:51:05.0370 5092 BrFiltUp - ok
07:51:05.0542 5092 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
07:51:05.0542 5092 Browser - ok
07:51:05.0667 5092 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
07:51:05.0667 5092 Brserid - ok
07:51:05.0854 5092 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
07:51:05.0854 5092 BrSerWdm - ok
07:51:06.0026 5092 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
07:51:06.0026 5092 BrUsbMdm - ok
07:51:06.0104 5092 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
07:51:06.0119 5092 BrUsbSer - ok
07:51:06.0228 5092 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:51:06.0228 5092 BTHMODEM - ok
07:51:06.0353 5092 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
07:51:06.0384 5092 bthserv - ok
07:51:08.0069 5092 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:51:08.0085 5092 cdfs - ok
07:51:08.0210 5092 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
07:51:08.0210 5092 cdrom - ok
07:51:08.0288 5092 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
07:51:08.0303 5092 CertPropSvc - ok
07:51:08.0334 5092 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:51:08.0350 5092 circlass - ok
07:51:08.0584 5092 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
07:51:08.0693 5092 CLFS - ok
07:51:08.0990 5092 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:51:08.0990 5092 clr_optimization_v2.0.50727_32 - ok
07:51:09.0380 5092 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:51:09.0380 5092 clr_optimization_v2.0.50727_64 - ok
07:51:11.0080 5092 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:51:11.0080 5092 clr_optimization_v4.0.30319_32 - ok
07:51:12.0047 5092 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:51:12.0063 5092 clr_optimization_v4.0.30319_64 - ok
07:51:12.0141 5092 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:51:12.0141 5092 CmBatt - ok
07:51:12.0156 5092 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:51:12.0156 5092 cmdide - ok
07:51:12.0593 5092 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
07:51:12.0624 5092 CNG - ok
07:51:13.0701 5092 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
07:51:13.0716 5092 Com4QLBEx - ok
07:51:13.0997 5092 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:51:13.0997 5092 Compbatt - ok
07:51:14.0169 5092 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
07:51:14.0184 5092 CompositeBus - ok
07:51:14.0200 5092 COMSysApp - ok
07:51:14.0278 5092 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
07:51:14.0278 5092 crcdisk - ok
07:51:14.0418 5092 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:51:14.0434 5092 CryptSvc - ok
07:51:14.0746 5092 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
07:51:14.0840 5092 DcomLaunch - ok
07:51:14.0996 5092 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
07:51:15.0027 5092 defragsvc - ok
07:51:15.0074 5092 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:51:15.0089 5092 DfsC - ok
07:51:15.0198 5092 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
07:51:15.0245 5092 Dhcp - ok
07:51:15.0276 5092 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
07:51:15.0339 5092 discache - ok
07:51:15.0510 5092 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
07:51:15.0510 5092 Disk - ok
07:51:15.0604 5092 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:51:15.0635 5092 Dnscache - ok
07:51:15.0698 5092 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
07:51:15.0698 5092 dot3svc - ok
07:51:15.0744 5092 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
07:51:15.0744 5092 DPS - ok
07:51:15.0822 5092 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:51:15.0822 5092 drmkaud - ok
07:51:15.0963 5092 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:51:15.0978 5092 DXGKrnl - ok
07:51:16.0041 5092 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
07:51:16.0056 5092 EapHost - ok
07:51:16.0649 5092 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
07:51:16.0758 5092 ebdrv - ok
07:51:17.0008 5092 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
07:51:17.0024 5092 EFS - ok
07:51:17.0632 5092 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:51:17.0679 5092 ehRecvr - ok
07:51:17.0835 5092 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
07:51:17.0835 5092 ehSched - ok
07:51:18.0084 5092 [ 9387A484D31209D7FC3F795A787294DB ] ElbyCDFL C:\Windows\system32\Drivers\ElbyCDFL.sys
07:51:18.0084 5092 ElbyCDFL - ok
07:51:18.0724 5092 [ 65E0EC00C209D4F2618F8FF0DD4EA444 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
07:51:18.0724 5092 ElbyCDIO - ok
07:51:18.0974 5092 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
07:51:19.0020 5092 elxstor - ok
07:51:19.0130 5092 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:51:19.0145 5092 ErrDev - ok
07:51:19.0473 5092 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
07:51:19.0504 5092 EventSystem - ok
07:51:19.0644 5092 [ 55E0EDA185869F7EA67EA97FD0655B39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
07:51:19.0644 5092 ew_usbenumfilter - ok
07:51:19.0722 5092 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
07:51:19.0738 5092 exfat - ok
07:51:19.0910 5092 ezSharedSvc - ok
07:51:21.0189 5092 Fabs - ok
07:51:21.0438 5092 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:51:21.0454 5092 fastfat - ok
07:51:21.0984 5092 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
07:51:22.0031 5092 Fax - ok
07:51:22.0078 5092 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:51:22.0125 5092 fdc - ok
07:51:22.0265 5092 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
07:51:22.0296 5092 fdPHost - ok
07:51:22.0343 5092 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
07:51:22.0359 5092 FDResPub - ok
07:51:22.0421 5092 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:51:22.0421 5092 FileInfo - ok
07:51:22.0577 5092 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:51:22.0577 5092 Filetrace - ok
07:51:23.0030 5092 [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
07:51:23.0357 5092 FirebirdServerMAGIXInstance - ok
07:51:23.0529 5092 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:51:23.0529 5092 flpydisk - ok
07:51:23.0810 5092 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:51:23.0825 5092 FltMgr - ok
07:51:24.0231 5092 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
07:51:24.0402 5092 FontCache - ok
07:51:24.0668 5092 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:51:24.0683 5092 FontCache3.0.0.0 - ok
07:51:24.0714 5092 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:51:24.0714 5092 FsDepends - ok
07:51:24.0777 5092 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:51:24.0777 5092 Fs_Rec - ok
07:51:24.0917 5092 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:51:24.0933 5092 fvevol - ok
07:51:24.0964 5092 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
07:51:24.0964 5092 gagp30kx - ok
07:51:25.0229 5092 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
07:51:25.0245 5092 GamesAppService - ok
07:51:25.0432 5092 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
07:51:25.0479 5092 gpsvc - ok
07:51:25.0744 5092 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:51:25.0760 5092 gupdate - ok
07:51:25.0853 5092 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:51:25.0853 5092 gupdatem - ok
07:51:27.0710 5092 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
07:51:27.0710 5092 gusvc - ok
07:51:29.0316 5092 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
07:51:29.0316 5092 hcw85cir - ok
07:51:29.0566 5092 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:51:29.0597 5092 HdAudAddService - ok
07:51:29.0769 5092 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
07:51:29.0784 5092 HDAudBus - ok
07:51:29.0816 5092 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
07:51:29.0816 5092 HidBatt - ok
07:51:29.0987 5092 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:51:30.0003 5092 HidBth - ok
07:51:30.0050 5092 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:51:30.0050 5092 HidIr - ok
07:51:30.0112 5092 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
07:51:30.0112 5092 hidserv - ok
07:51:30.0221 5092 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
07:51:30.0221 5092 HidUsb - ok
07:51:30.0315 5092 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:51:30.0315 5092 hkmsvc - ok
07:51:30.0830 5092 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:51:30.0845 5092 HomeGroupListener - ok
07:51:31.0220 5092 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:51:31.0235 5092 HomeGroupProvider - ok
07:51:31.0578 5092 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
07:51:31.0578 5092 HP Support Assistant Service - ok
07:51:31.0672 5092 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
07:51:31.0688 5092 HpqKbFiltr - ok
07:51:32.0078 5092 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
07:51:32.0140 5092 hpqwmiex - ok
07:51:32.0202 5092 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
07:51:32.0218 5092 HpSAMD - ok
07:51:32.0390 5092 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:51:32.0421 5092 HTTP - ok
07:51:32.0670 5092 [ 91971BCD780D6063DF90DE4F1DF10C2F ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
07:51:32.0686 5092 huawei_cdcacm - ok
07:51:32.0920 5092 [ CCE3DB0BA3C615CAA321EB1301532688 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
07:51:32.0920 5092 huawei_enumerator - ok
07:51:32.0998 5092 [ C4BC37B9E5E54A50B2AA458F1FCA428C ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
07:51:32.0998 5092 huawei_ext_ctrl - ok
07:51:33.0092 5092 [ EB56B9EF6B7FC87BF57AF7EDF0487F4A ] huawei_wwanecm C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
07:51:33.0107 5092 huawei_wwanecm - ok
07:51:33.0170 5092 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:51:33.0170 5092 hwpolicy - ok
07:51:33.0263 5092 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
07:51:33.0263 5092 i8042prt - ok
07:51:33.0372 5092 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:51:33.0372 5092 iaStorV - ok
07:51:33.0560 5092 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:51:33.0606 5092 idsvc - ok
07:51:35.0026 5092 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
07:51:35.0338 5092 igfx - ok
07:51:35.0432 5092 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
07:51:35.0432 5092 iirsp - ok
07:51:35.0603 5092 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
07:51:35.0666 5092 IKEEXT - ok
07:51:35.0759 5092 [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
07:51:35.0759 5092 IntcHdmiAddService - ok
07:51:35.0837 5092 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
07:51:35.0837 5092 intelide - ok
07:51:35.0962 5092 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:51:35.0962 5092 intelppm - ok
07:51:36.0024 5092 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:51:36.0024 5092 IPBusEnum - ok
07:51:36.0071 5092 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:51:36.0071 5092 IpFilterDriver - ok
07:51:36.0196 5092 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:51:36.0258 5092 iphlpsvc - ok
07:51:36.0383 5092 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
07:51:36.0508 5092 IPMIDRV - ok
07:51:36.0773 5092 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:51:36.0804 5092 IPNAT - ok
07:51:36.0929 5092 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:51:36.0929 5092 IRENUM - ok
07:51:37.0163 5092 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:51:37.0179 5092 isapnp - ok
07:51:37.0272 5092 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
07:51:37.0304 5092 iScsiPrt - ok
07:51:37.0428 5092 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
07:51:37.0428 5092 kbdclass - ok
07:51:37.0538 5092 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
07:51:37.0553 5092 kbdhid - ok
07:51:37.0616 5092 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
07:51:37.0631 5092 KeyIso - ok
07:51:37.0694 5092 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:51:37.0694 5092 KSecDD - ok
07:51:38.0193 5092 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:51:38.0193 5092 KSecPkg - ok
07:51:38.0302 5092 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
07:51:38.0302 5092 ksthunk - ok
07:51:38.0411 5092 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
07:51:38.0474 5092 KtmRm - ok
07:51:38.0708 5092 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
07:51:38.0801 5092 LanmanServer - ok
07:51:38.0895 5092 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:51:38.0910 5092 LanmanWorkstation - ok
07:51:39.0035 5092 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
07:51:39.0035 5092 LightScribeService - ok
07:51:39.0113 5092 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:51:39.0129 5092 lltdio - ok
07:51:39.0332 5092 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:51:39.0347 5092 lltdsvc - ok
07:51:39.0410 5092 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:51:39.0425 5092 lmhosts - ok
07:51:39.0534 5092 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
07:51:39.0534 5092 LSI_FC - ok
07:51:39.0612 5092 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
07:51:39.0612 5092 LSI_SAS - ok
07:51:39.0644 5092 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:51:39.0644 5092 LSI_SAS2 - ok
07:51:39.0675 5092 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:51:39.0690 5092 LSI_SCSI - ok
07:51:39.0846 5092 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
07:51:39.0862 5092 luafv - ok
07:51:39.0987 5092 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:51:39.0987 5092 Mcx2Svc - ok
07:51:40.0049 5092 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
07:51:40.0065 5092 megasas - ok
07:51:40.0143 5092 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
07:51:40.0143 5092 MegaSR - ok
07:51:40.0268 5092 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
07:51:40.0268 5092 MMCSS - ok
07:51:40.0346 5092 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
07:51:41.0921 5092 Modem - ok
07:51:41.0999 5092 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:51:41.0999 5092 monitor - ok
07:51:42.0093 5092 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:51:42.0093 5092 mouclass - ok
07:51:42.0155 5092 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:51:42.0171 5092 mouhid - ok
07:51:42.0233 5092 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:51:42.0233 5092 mountmgr - ok
07:51:42.0327 5092 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
07:51:42.0342 5092 mpio - ok
07:51:42.0436 5092 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:51:42.0452 5092 mpsdrv - ok
07:51:42.0623 5092 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:51:42.0670 5092 MpsSvc - ok
07:51:42.0701 5092 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:51:42.0717 5092 MRxDAV - ok
07:51:42.0748 5092 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:51:42.0764 5092 mrxsmb - ok
07:51:42.0951 5092 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:51:42.0966 5092 mrxsmb10 - ok
07:51:43.0013 5092 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:51:43.0029 5092 mrxsmb20 - ok
07:51:43.0091 5092 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
07:51:43.0091 5092 msahci - ok
07:51:43.0138 5092 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:51:43.0138 5092 msdsm - ok
07:51:43.0185 5092 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
07:51:43.0200 5092 MSDTC - ok
07:51:43.0341 5092 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:51:43.0356 5092 Msfs - ok
07:51:43.0450 5092 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:51:43.0450 5092 mshidkmdf - ok
07:51:43.0512 5092 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:51:43.0512 5092 msisadrv - ok
07:51:43.0715 5092 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:51:43.0715 5092 MSiSCSI - ok
07:51:43.0731 5092 msiserver - ok
07:51:43.0887 5092 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:51:43.0887 5092 MSKSSRV - ok
07:51:43.0918 5092 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:51:43.0918 5092 MSPCLOCK - ok
07:51:44.0012 5092 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:51:44.0012 5092 MSPQM - ok
07:51:44.0074 5092 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:51:44.0090 5092 MsRPC - ok
07:51:44.0136 5092 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
07:51:44.0136 5092 mssmbios - ok
07:51:44.0168 5092 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:51:44.0168 5092 MSTEE - ok
07:51:44.0199 5092 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
07:51:44.0214 5092 MTConfig - ok
07:51:44.0355 5092 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
07:51:44.0355 5092 Mup - ok
07:51:44.0448 5092 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
07:51:44.0526 5092 napagent - ok
07:51:44.0714 5092 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:51:44.0760 5092 NativeWifiP - ok
07:51:45.0088 5092 [ E4534BCCDD1EA7A7A256BB9D6688A5FC ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
07:51:45.0088 5092 NAUpdate - ok
07:51:45.0213 5092 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
07:51:45.0244 5092 NDIS - ok
07:51:45.0494 5092 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:51:45.0509 5092 NdisCap - ok
07:51:45.0587 5092 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:51:45.0665 5092 NdisTapi - ok
07:51:45.0868 5092 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:51:45.0946 5092 Ndisuio - ok
07:51:46.0055 5092 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:51:46.0055 5092 NdisWan - ok
07:51:46.0414 5092 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:51:46.0414 5092 NDProxy - ok
07:51:46.0648 5092 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:51:46.0742 5092 NetBIOS - ok
07:51:46.0804 5092 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:51:46.0804 5092 NetBT - ok
07:51:46.0820 5092 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
07:51:46.0820 5092 Netlogon - ok
07:51:47.0022 5092 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
07:51:47.0412 5092 Netman - ok
07:51:47.0490 5092 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
07:51:47.0522 5092 netprofm - ok
07:51:47.0568 5092 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:51:47.0724 5092 NetTcpPortSharing - ok
07:51:48.0863 5092 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
07:51:49.0160 5092 netw5v64 - ok
07:51:49.0238 5092 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
07:51:49.0238 5092 nfrd960 - ok
07:51:49.0316 5092 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:51:49.0331 5092 NlaSvc - ok
07:51:49.0378 5092 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:51:49.0378 5092 Npfs - ok
07:51:49.0425 5092 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
07:51:49.0456 5092 nsi - ok
07:51:49.0503 5092 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:51:49.0503 5092 nsiproxy - ok
07:51:49.0690 5092 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:51:49.0737 5092 Ntfs - ok
07:51:49.0768 5092 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
07:51:49.0768 5092 Null - ok
07:51:49.0815 5092 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:51:49.0815 5092 nvraid - ok
07:51:49.0846 5092 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:51:49.0846 5092 nvstor - ok
07:51:49.0908 5092 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:51:49.0924 5092 nv_agp - ok
07:51:50.0142 5092 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:51:50.0189 5092 odserv - ok
07:51:50.0252 5092 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:51:50.0252 5092 ohci1394 - ok
07:51:50.0470 5092 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:51:50.0579 5092 ose - ok
07:51:50.0673 5092 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:51:50.0720 5092 p2pimsvc - ok
07:51:50.0766 5092 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
07:51:50.0798 5092 p2psvc - ok
07:51:51.0156 5092 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
07:51:51.0156 5092 Parport - ok
07:51:51.0234 5092 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:51:51.0234 5092 partmgr - ok
07:51:51.0266 5092 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:51:51.0281 5092 PcaSvc - ok
07:51:51.0297 5092 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
07:51:51.0297 5092 pci - ok
07:51:51.0344 5092 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
07:51:51.0344 5092 pciide - ok
07:51:51.0406 5092 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
07:51:51.0593 5092 pcmcia - ok
07:51:51.0718 5092 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
07:51:51.0718 5092 pcouffin - ok
07:51:51.0765 5092 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
07:51:51.0765 5092 pcw - ok
07:51:51.0905 5092 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:51:51.0936 5092 PEAUTH - ok
07:51:53.0465 5092 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:51:53.0465 5092 PerfHost - ok
07:51:53.0777 5092 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
07:51:53.0840 5092 pla - ok
07:51:53.0933 5092 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:51:53.0980 5092 PlugPlay - ok
07:51:53.0996 5092 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:51:54.0011 5092 PNRPAutoReg - ok
07:51:54.0027 5092 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:51:54.0043 5092 PNRPsvc - ok
07:51:54.0183 5092 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:51:54.0230 5092 PolicyAgent - ok
07:51:54.0277 5092 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
07:51:54.0277 5092 Power - ok
07:51:54.0355 5092 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:51:54.0370 5092 PptpMiniport - ok
07:51:54.0433 5092 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
07:51:54.0433 5092 Processor - ok
07:51:55.0072 5092 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
07:51:55.0228 5092 ProfSvc - ok
07:51:55.0275 5092 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:51:55.0275 5092 ProtectedStorage - ok
07:51:55.0337 5092 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:51:55.0337 5092 Psched - ok
07:51:55.0478 5092 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
07:51:55.0525 5092 ql2300 - ok
07:51:55.0571 5092 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
07:51:55.0571 5092 ql40xx - ok
07:51:55.0618 5092 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
07:51:55.0618 5092 QWAVE - ok
07:51:55.0727 5092 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:51:55.0727 5092 QWAVEdrv - ok
07:51:55.0759 5092 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:51:55.0759 5092 RasAcd - ok
07:51:55.0915 5092 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:51:55.0915 5092 RasAgileVpn - ok
07:51:55.0993 5092 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
07:51:56.0008 5092 RasAuto - ok
07:51:56.0102 5092 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:51:56.0117 5092 Rasl2tp - ok
07:51:56.0227 5092 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
07:51:56.0242 5092 RasMan - ok
07:51:56.0320 5092 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:51:56.0336 5092 RasPppoe - ok
07:51:56.0351 5092 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:51:56.0367 5092 RasSstp - ok
07:51:56.0632 5092 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:51:56.0632 5092 rdbss - ok
07:51:56.0866 5092 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
07:51:56.0882 5092 rdpbus - ok
07:51:57.0428 5092 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:51:57.0428 5092 RDPCDD - ok
07:51:57.0475 5092 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:51:57.0475 5092 RDPENCDD - ok
07:51:57.0506 5092 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:51:57.0521 5092 RDPREFMP - ok
07:51:57.0568 5092 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:51:57.0584 5092 RDPWD - ok
07:51:57.0662 5092 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:51:57.0662 5092 rdyboost - ok
07:51:57.0693 5092 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:51:57.0709 5092 RemoteAccess - ok
07:51:57.0740 5092 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:51:57.0755 5092 RemoteRegistry - ok
07:51:57.0911 5092 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
07:51:57.0911 5092 RichVideo - ok
07:51:57.0989 5092 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:51:57.0989 5092 RpcEptMapper - ok
07:51:58.0021 5092 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
07:51:58.0036 5092 RpcLocator - ok
07:51:58.0364 5092 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
07:51:58.0379 5092 RpcSs - ok
07:51:58.0785 5092 [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCap C:\Windows\system32\DRIVERS\rrnetcap.sys
07:51:58.0785 5092 RRNetCap - ok
07:51:59.0097 5092 [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCapMP C:\Windows\system32\DRIVERS\rrnetcap.sys
07:51:59.0097 5092 RRNetCapMP - ok
07:51:59.0347 5092 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:51:59.0362 5092 rspndr - ok
07:51:59.0768 5092 [ A5DF2F732A6C95554E548FCB6932BD31 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
07:51:59.0783 5092 RSUSBSTOR - ok
07:52:00.0049 5092 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
07:52:00.0080 5092 RTL8167 - ok
07:52:00.0142 5092 RtsUIR - ok
07:52:00.0189 5092 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
07:52:00.0189 5092 SamSs - ok
07:52:00.0236 5092 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:52:00.0236 5092 sbp2port - ok
07:52:00.0329 5092 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:52:00.0345 5092 SCardSvr - ok
07:52:01.0187 5092 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:52:01.0203 5092 scfilter - ok
07:52:01.0406 5092 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
07:52:01.0562 5092 Schedule - ok
07:52:01.0609 5092 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
07:52:01.0609 5092 SCPolicySvc - ok
07:52:01.0687 5092 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
07:52:01.0687 5092 sdbus - ok
07:52:01.0765 5092 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:52:01.0765 5092 SDRSVC - ok
07:52:01.0843 5092 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:52:01.0843 5092 secdrv - ok
07:52:01.0905 5092 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
07:52:01.0921 5092 seclogon - ok
07:52:01.0952 5092 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
07:52:01.0952 5092 SENS - ok
07:52:02.0014 5092 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:52:02.0014 5092 SensrSvc - ok
07:52:02.0061 5092 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
07:52:02.0077 5092 Serenum - ok
07:52:02.0108 5092 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
07:52:02.0108 5092 Serial - ok
07:52:02.0155 5092 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
07:52:02.0170 5092 sermouse - ok
07:52:02.0217 5092 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
07:52:02.0233 5092 SessionEnv - ok
07:52:02.0326 5092 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:52:02.0342 5092 sffdisk - ok
07:52:02.0373 5092 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:52:02.0373 5092 sffp_mmc - ok
07:52:02.0435 5092 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:52:02.0435 5092 sffp_sd - ok
07:52:02.0498 5092 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
07:52:02.0498 5092 sfloppy - ok
07:52:03.0153 5092 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:52:03.0559 5092 SharedAccess - ok
07:52:03.0761 5092 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:52:03.0949 5092 ShellHWDetection - ok
07:52:04.0011 5092 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:52:04.0011 5092 SiSRaid2 - ok
07:52:04.0042 5092 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
07:52:04.0042 5092 SiSRaid4 - ok
07:52:04.0105 5092 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:52:04.0105 5092 Smb - ok
07:52:04.0183 5092 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:52:04.0183 5092 SNMPTRAP - ok
07:52:04.0214 5092 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
07:52:04.0214 5092 spldr - ok
07:52:04.0807 5092 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
07:52:05.0368 5092 Spooler - ok
07:52:06.0335 5092 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
07:52:06.0429 5092 sppsvc - ok
07:52:06.0772 5092 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:52:06.0788 5092 sppuinotify - ok
07:52:07.0521 5092 [ BFE4914B87487239664B2D313B608E04 ] SProtection C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
07:52:07.0599 5092 SProtection - ok
07:52:07.0880 5092 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
07:52:07.0895 5092 srv - ok
07:52:07.0973 5092 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:52:08.0005 5092 srv2 - ok
07:52:08.0145 5092 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
07:52:08.0176 5092 SrvHsfHDA - ok
07:52:08.0223 5092 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
07:52:08.0270 5092 SrvHsfV92 - ok
07:52:08.0317 5092 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
07:52:08.0379 5092 SrvHsfWinac - ok
07:52:08.0753 5092 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:52:08.0753 5092 srvnet - ok
07:52:09.0315 5092 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:52:09.0331 5092 SSDPSRV - ok
07:52:09.0487 5092 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:52:09.0487 5092 SstpSvc - ok
07:52:09.0923 5092 [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
07:52:09.0923 5092 STacSV - ok
07:52:09.0970 5092 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
07:52:09.0970 5092 stexstor - ok
07:52:10.0079 5092 [ ED1722F43CE61409EF68340402D6267D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
07:52:10.0095 5092 STHDA - ok
07:52:10.0313 5092 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
07:52:10.0329 5092 stisvc - ok
07:52:10.0423 5092 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
07:52:10.0423 5092 swenum - ok
07:52:10.0501 5092 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
07:52:10.0594 5092 swprv - ok
07:52:11.0390 5092 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
07:52:11.0468 5092 SysMain - ok
07:52:11.0655 5092 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:52:11.0671 5092 TabletInputService - ok
07:52:11.0811 5092 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
07:52:11.0905 5092 TapiSrv - ok
07:52:11.0967 5092 [ 4430E9B4C60AAB672D16E801BAD0555E ] tbhsd C:\Windows\system32\drivers\tbhsd.sys
07:52:11.0967 5092 tbhsd - ok
07:52:12.0061 5092 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
07:52:12.0061 5092 TBS - ok
07:52:12.0747 5092 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:52:12.0825 5092 Tcpip - ok
07:52:14.0026 5092 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:52:14.0057 5092 TCPIP6 - ok
07:52:14.0135 5092 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:52:14.0151 5092 tcpipreg - ok
07:52:14.0229 5092 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:52:14.0229 5092 TDPIPE - ok
07:52:14.0276 5092 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:52:14.0276 5092 TDTCP - ok
07:52:14.0416 5092 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:52:14.0432 5092 tdx - ok
07:52:14.0650 5092 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
07:52:14.0650 5092 TermDD - ok
07:52:14.0900 5092 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
07:52:14.0962 5092 TermService - ok
07:52:15.0134 5092 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
07:52:15.0134 5092 Themes - ok
07:52:15.0493 5092 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
07:52:15.0493 5092 THREADORDER - ok
07:52:15.0914 5092 [ F620772888B6E3EDEF5C3E71E3D447F0 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
07:52:15.0929 5092 TomTomHOMEService - ok
07:52:15.0976 5092 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
07:52:15.0976 5092 TrkWks - ok
07:52:16.0117 5092 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:52:16.0132 5092 TrustedInstaller - ok
07:52:16.0179 5092 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:52:16.0179 5092 tssecsrv - ok
07:52:16.0257 5092 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:52:16.0257 5092 TsUsbFlt - ok
07:52:16.0335 5092 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:52:16.0335 5092 tunnel - ok
07:52:16.0741 5092 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
07:52:16.0741 5092 uagp35 - ok
07:52:17.0458 5092 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:52:17.0474 5092 udfs - ok
07:52:17.0552 5092 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:52:17.0567 5092 UI0Detect - ok
07:52:17.0645 5092 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:52:17.0645 5092 uliagpkx - ok
07:52:17.0739 5092 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
07:52:17.0739 5092 umbus - ok
07:52:17.0770 5092 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
07:52:17.0770 5092 UmPass - ok
07:52:17.0786 5092 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
07:52:17.0801 5092 upnphost - ok
07:52:17.0848 5092 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:52:17.0848 5092 usbccgp - ok
07:52:17.0879 5092 USBCCID - ok
07:52:17.0911 5092 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:52:17.0911 5092 usbcir - ok
07:52:17.0942 5092 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
07:52:17.0957 5092 usbehci - ok
07:52:17.0973 5092 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
07:52:17.0973 5092 usbhub - ok
07:52:18.0004 5092 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
07:52:18.0004 5092 usbohci - ok
07:52:18.0051 5092 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:52:18.0051 5092 usbprint - ok
07:52:18.0113 5092 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:52:18.0129 5092 usbscan - ok
07:52:18.0145 5092 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:52:18.0145 5092 USBSTOR - ok
07:52:18.0191 5092 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
07:52:18.0207 5092 usbuhci - ok
07:52:18.0269 5092 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
07:52:18.0285 5092 usbvideo - ok
07:52:18.0316 5092 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
07:52:18.0316 5092 UxSms - ok
07:52:18.0332 5092 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
07:52:18.0332 5092 VaultSvc - ok
07:52:18.0410 5092 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:52:18.0410 5092 vdrvroot - ok
07:52:18.0628 5092 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
07:52:18.0644 5092 vds - ok
07:52:18.0831 5092 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:52:18.0847 5092 vga - ok
07:52:18.0893 5092 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
07:52:18.0893 5092 VgaSave - ok
07:52:19.0018 5092 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
07:52:19.0018 5092 vhdmp - ok
07:52:19.0611 5092 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
07:52:19.0611 5092 viaide - ok
07:52:20.0110 5092 [ 304E1B12BDC85BD22C7C21F8D58B6815 ] VmbService C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
07:52:20.0110 5092 VmbService - ok
07:52:20.0157 5092 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:52:20.0173 5092 volmgr - ok
07:52:20.0329 5092 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:52:20.0329 5092 volmgrx - ok
07:52:20.0360 5092 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:52:20.0360 5092 volsnap - ok
07:52:20.0547 5092 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
07:52:20.0563 5092 vsmraid - ok
07:52:22.0013 5092 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
07:52:22.0076 5092 VSS - ok
07:52:22.0232 5092 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
07:52:22.0232 5092 vwifibus - ok
07:52:22.0466 5092 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
07:52:22.0466 5092 vwififlt - ok
07:52:22.0637 5092 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
07:52:22.0653 5092 W32Time - ok
07:52:22.0887 5092 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
07:52:22.0887 5092 WacomPen - ok
07:52:22.0965 5092 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:52:22.0981 5092 WANARP - ok
07:52:23.0012 5092 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:52:23.0012 5092 Wanarpv6 - ok
07:52:23.0183 5092 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
07:52:23.0230 5092 wbengine - ok
07:52:23.0246 5092 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:52:23.0261 5092 WbioSrvc - ok
07:52:23.0433 5092 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:52:23.0464 5092 wcncsvc - ok
07:52:23.0527 5092 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:52:23.0542 5092 WcsPlugInService - ok
07:52:23.0589 5092 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
07:52:23.0589 5092 Wd - ok
07:52:23.0667 5092 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:52:23.0776 5092 Wdf01000 - ok
07:52:23.0948 5092 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:52:23.0948 5092 WdiServiceHost - ok
07:52:23.0963 5092 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:52:23.0963 5092 WdiSystemHost - ok
07:52:24.0197 5092 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
07:52:24.0197 5092 WebClient - ok
07:52:24.0260 5092 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:52:24.0291 5092 Wecsvc - ok
07:52:24.0775 5092 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:52:24.0884 5092 wercplsupport - ok
07:52:25.0227 5092 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
07:52:25.0305 5092 WerSvc - ok
07:52:25.0742 5092 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:52:25.0757 5092 WfpLwf - ok
07:52:25.0804 5092 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:52:25.0820 5092 WIMMount - ok
07:52:25.0867 5092 WinDefend - ok
07:52:25.0929 5092 WinHttpAutoProxySvc - ok
07:52:26.0225 5092 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:52:26.0241 5092 Winmgmt - ok
07:52:26.0896 5092 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
07:52:27.0099 5092 WinRM - ok
07:52:27.0442 5092 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
07:52:27.0442 5092 WinUsb - ok
07:52:27.0551 5092 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
07:52:27.0629 5092 Wlansvc - ok
07:52:27.0832 5092 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
07:52:27.0832 5092 WmiAcpi - ok
07:52:27.0879 5092 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:52:27.0895 5092 wmiApSrv - ok
07:52:27.0926 5092 WMPNetworkSvc - ok
07:52:27.0941 5092 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:52:27.0957 5092 WPCSvc - ok
07:52:28.0004 5092 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:52:28.0019 5092 WPDBusEnum - ok
07:52:28.0035 5092 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:52:28.0035 5092 ws2ifsl - ok
07:52:28.0051 5092 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
07:52:28.0066 5092 wscsvc - ok
07:52:28.0066 5092 WSearch - ok
07:52:28.0253 5092 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
07:52:28.0331 5092 wuauserv - ok
07:52:28.0363 5092 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:52:28.0363 5092 WudfPf - ok
07:52:28.0441 5092 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:52:28.0441 5092 WUDFRd - ok
07:52:28.0487 5092 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:52:28.0503 5092 wudfsvc - ok
07:52:28.0550 5092 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
07:52:28.0565 5092 WwanSvc - ok
07:52:28.0690 5092 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
07:52:28.0737 5092 yukonw7 - ok
07:52:28.0784 5092 ================ Scan global ===============================
07:52:28.0815 5092 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
07:52:28.0893 5092 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
07:52:28.0909 5092 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
07:52:28.0940 5092 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
07:52:28.0971 5092 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
07:52:29.0002 5092 [Global] - ok
07:52:29.0002 5092 ================ Scan MBR ==================================
07:52:29.0018 5092 [ FBF6A1D26A21FC12FC600ECEF12A81F3 ] \Device\Harddisk0\DR0
07:52:32.0949 5092 \Device\Harddisk0\DR0 - ok
07:52:32.0949 5092 ================ Scan VBR ==================================
07:52:32.0996 5092 [ CC7B2E075A3652332EF5E475241BACE2 ] \Device\Harddisk0\DR0\Partition1
07:52:32.0996 5092 \Device\Harddisk0\DR0\Partition1 - ok
07:52:33.0011 5092 [ 9921ADBBEDC64DD05B10DE28E84CC454 ] \Device\Harddisk0\DR0\Partition2
07:52:33.0027 5092 \Device\Harddisk0\DR0\Partition2 - ok
07:52:33.0105 5092 [ EEDC495B9BC45A010938B9626F885E28 ] \Device\Harddisk0\DR0\Partition3
07:52:33.0121 5092 \Device\Harddisk0\DR0\Partition3 - ok
07:52:33.0121 5092 ============================================================
07:52:33.0121 5092 Scan finished
07:52:33.0121 5092 ============================================================
07:52:33.0136 5088 Detected object count: 0
07:52:33.0136 5088 Actual detected object count: 0
|
|
15.06.2013, 13:16
| #6 |
| /// Malware-holic | Systemüberprüfung evtl. Virus tdss killer nach anleitung konfigurieren und laufen lassen
__________________ --> Systemüberprüfung evtl. Virus |
|
15.06.2013, 13:39
| #7 | |
| | Systemüberprüfung evtl. Virus entschuldigung die einstellungen hab ich wohl übersehen hier nochmal die log file mit richtigen einstellungen Zitat:
|
|
15.06.2013, 13:45
| #8 |
| /// Malware-holic | Systemüberprüfung evtl. Virus Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.06.2013, 14:55
| #9 |
| | Systemüberprüfung evtl. Virus die gewünschte combofix logfile er hat nicht gemeckert über virenscan Combofix Logfile: Code:
ATTFilter ComboFix 13-06-13.01 - Gerhard 15.06.2013 15:15:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3999.2712 [GMT 2:00]
ausgeführt von:: c:\users\Gerhard\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\XSxS
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-15 bis 2013-06-15 ))))))))))))))))))))))))))))))
.
.
2013-06-15 13:26 . 2013-06-15 13:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-14 15:09 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91925103-A337-4FC6-B119-725600094646}\mpengine.dll
2013-06-13 13:17 . 2013-06-13 13:17 -------- d-----w- c:\users\Gerhard\AppData\Roaming\Iminent
2013-06-13 13:17 . 2013-06-13 13:17 -------- d-----w- c:\programdata\Iminent
2013-06-13 12:56 . 2013-06-13 15:28 -------- d-----w- C:\60059b2d24c08fa54c
2013-06-13 12:48 . 2013-06-13 12:48 -------- d-----w- c:\windows\SysWow64\Extensions
2013-06-13 12:48 . 2013-06-13 12:48 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-06-13 12:47 . 2013-06-13 12:47 -------- d-----w- c:\users\Gerhard\AppData\Roaming\PerformerSoft
2013-06-13 12:47 . 2012-12-19 13:53 19632 ----a-w- c:\windows\system32\roboot64.exe
2013-06-13 12:47 . 2013-06-13 12:47 -------- d-----w- c:\programdata\IBUpdaterService
2013-06-13 12:47 . 2013-06-13 12:47 -------- d-----w- c:\users\Gerhard\AppData\Roaming\File Scout
2013-06-13 12:47 . 2013-06-13 12:47 -------- d-----w- c:\program files (x86)\PC Performer
2013-06-13 12:47 . 2013-06-13 12:47 -------- d-----w- c:\users\Gerhard\AppData\Roaming\Babylon
2013-06-13 12:47 . 2013-06-13 12:47 -------- d-----w- c:\programdata\Babylon
2013-06-13 12:46 . 2013-06-15 06:25 -------- d-----w- c:\users\Gerhard\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2013-06-13 12:46 . 2013-06-13 15:28 -------- d-----w- C:\7068c354e53e5f026c
2013-06-13 12:46 . 2013-06-13 12:46 -------- d-----w- c:\program files (x86)\Common Files\Umbrella
2013-06-13 12:46 . 2013-06-13 15:30 -------- d-----w- c:\program files (x86)\Iminent
2013-06-13 12:19 . 2013-06-13 12:19 -------- d-----w- c:\program files (x86)\Conduit
2013-06-13 12:19 . 2013-06-13 12:19 -------- d-----w- c:\program files (x86)\NCH_DE
2013-06-13 12:19 . 2013-06-13 12:19 -------- d-----w- c:\users\Gerhard\AppData\Local\Conduit
2013-06-13 12:19 . 2013-06-13 17:41 -------- d-----w- c:\users\Gerhard\AppData\Roaming\NCH Software
2013-06-13 12:19 . 2013-06-13 12:19 -------- d-----w- c:\programdata\NCH Software
2013-06-13 12:18 . 2013-06-13 12:19 -------- d-----w- c:\program files (x86)\NCH Software
2013-06-13 12:16 . 2013-06-13 12:16 -------- d-----w- c:\users\Gerhard\AppData\Roaming\Sony
2013-06-12 13:03 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 13:03 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 13:03 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 13:03 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 13:03 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 13:03 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 13:03 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 13:03 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 13:03 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 13:03 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 13:03 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 13:03 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 13:03 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-11 13:52 . 2013-06-11 13:52 -------- d-----w- c:\windows\system32\nn-NO
2013-06-11 13:52 . 2010-02-02 12:48 60416 ----a-w- c:\windows\system32\athihvui.dll
2013-06-11 13:52 . 2010-02-02 12:47 439808 ----a-w- c:\windows\system32\athihvs.dll
2013-06-11 13:52 . 2006-12-01 21:37 904704 ----a-w- c:\program files\Common Files\Microsoft Shared\VC\msdia80.dll
2013-06-11 07:58 . 2013-06-11 07:58 -------- d-----w- c:\program files (x86)\simfy
2013-05-28 07:10 . 2013-05-28 07:10 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 15:32 . 2010-01-30 08:10 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 13:16 . 2012-04-28 13:51 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 13:16 . 2011-10-19 15:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-03-19 02:55 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-19 02:55 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-02-12 15:53 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-02-12 15:53 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-02-12 15:53 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-02-12 15:53 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-02-12 15:53 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-02-12 15:53 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-02-12 15:52 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-02-12 15:53 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2010-01-28 08:53 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 14:45 . 2013-04-24 10:57 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 05:45 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 05:45 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 05:44 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-21 10:18 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-29 07:46 . 2013-03-29 07:46 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-29 07:46 . 2013-03-29 07:46 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 07:46 . 2013-03-29 07:46 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-29 07:46 . 2013-03-29 07:46 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-29 07:46 . 2013-03-29 07:46 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-29 07:46 . 2013-03-29 07:46 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-29 07:46 . 2013-03-29 07:46 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 07:46 . 2013-03-29 07:46 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 07:46 . 2013-03-29 07:46 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-29 07:46 . 2013-03-29 07:46 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-29 07:46 . 2013-03-29 07:46 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-29 07:46 . 2013-03-29 07:46 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-29 07:46 . 2013-03-29 07:46 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-29 07:46 . 2013-03-29 07:46 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-29 07:46 . 2013-03-29 07:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-29 07:46 . 2013-03-29 07:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-29 07:46 . 2013-03-29 07:46 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-29 07:46 . 2013-03-29 07:46 441856 ----a-w- c:\windows\system32\html.iec
2013-03-29 07:46 . 2013-03-29 07:46 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-29 07:46 . 2013-03-29 07:46 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-29 07:46 . 2013-03-29 07:46 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-29 07:46 . 2013-03-29 07:46 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-29 07:46 . 2013-03-29 07:46 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-29 07:46 . 2013-03-29 07:46 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-29 07:46 . 2013-03-29 07:46 235008 ----a-w- c:\windows\system32\url.dll
2013-03-29 07:46 . 2013-03-29 07:46 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-29 07:46 . 2013-03-29 07:46 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-29 07:46 . 2013-03-29 07:46 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-29 07:46 . 2013-03-29 07:46 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-29 07:46 . 2013-03-29 07:46 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-29 07:46 . 2013-03-29 07:46 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-29 07:46 . 2013-03-29 07:46 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-29 07:46 . 2013-03-29 07:46 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-29 07:46 . 2013-03-29 07:46 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-29 07:46 . 2013-03-29 07:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-29 07:46 . 2013-03-29 07:46 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-29 07:46 . 2013-03-29 07:46 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-29 07:46 . 2013-03-29 07:46 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-29 07:46 . 2013-03-29 07:46 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-29 07:46 . 2013-03-29 07:46 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-29 07:46 . 2013-03-29 07:46 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-29 07:46 . 2013-03-29 07:46 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-29 07:46 . 2013-03-29 07:46 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-29 07:46 . 2013-03-29 07:46 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-29 07:46 . 2013-03-29 07:46 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-29 07:46 . 2013-03-29 07:46 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-29 07:46 . 2013-03-29 07:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 07:46 . 2013-03-29 07:46 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 07:46 . 2013-03-29 07:46 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-29 07:44 . 2013-03-29 07:44 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-29 07:44 . 2013-03-29 07:44 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-29 07:44 . 2013-03-29 07:44 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-29 07:44 . 2013-03-29 07:44 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-29 07:44 . 2013-03-29 07:44 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-29 07:44 . 2013-03-29 07:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-29 07:44 . 2013-03-29 07:44 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-29 07:44 . 2013-03-29 07:44 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-29 07:44 . 2013-03-29 07:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-29 07:44 . 2013-03-29 07:44 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-29 07:44 . 2013-03-29 07:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-29 07:44 . 2013-03-29 07:44 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-03-29 07:44 . 2013-03-29 07:44 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-03-29 07:44 . 2013-03-29 07:44 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-29 07:44 . 2013-03-29 07:44 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-29 07:44 . 2013-03-29 07:44 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-29 07:44 . 2013-03-29 07:44 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3efefe31-d81e-4bd7-918f-d588cb409f39}"= "c:\program files (x86)\NCH_DE\prxtbNCH_.dll" [2013-05-16 231712]
.
[HKEY_CLASSES_ROOT\clsid\{3efefe31-d81e-4bd7-918f-d588cb409f39}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3efefe31-d81e-4bd7-918f-d588cb409f39}]
2013-05-16 12:13 231712 ----a-w- c:\program files (x86)\NCH_DE\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49 281760 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3efefe31-d81e-4bd7-918f-d588cb409f39}"= "c:\program files (x86)\NCH_DE\prxtbNCH_.dll" [2013-05-16 231712]
.
[HKEY_CLASSES_ROOT\clsid\{3efefe31-d81e-4bd7-918f-d588cb409f39}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-05-05 4701120]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-12-05 247768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-23 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2012-03-20 69632]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2013-06-07 1074736]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2013-06-07 884784]
.
c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 13:16]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 13:56]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 13:56]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139721644-1476678736-2208258675-1001Core.job
- c:\users\Gerhard\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-29 13:24]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139721644-1476678736-2208258675-1001UA.job
- c:\users\Gerhard\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-29 13:24]
.
2013-06-13 c:\windows\Tasks\PC Performer_DEFAULT.job
- c:\program files (x86)\PC Performer\PCPerformer.exe [2013-06-13 13:53]
.
2013-06-13 c:\windows\Tasks\PC Performer_UPDATES.job
- c:\program files (x86)\PC Performer\PCPerformer.exe [2013-06-13 13:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49 342176 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=06AB0CEEE69D3510
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{3EFEFE31-D81E-4BD7-918F-D588CB409F39} - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:73,1d,a0,5c,4c,e2,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,43,88,8b,81,5e,9e,46,a1,b3,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,43,88,8b,81,5e,9e,46,a1,b3,8a,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-15 15:32:58
ComboFix-quarantined-files.txt 2013-06-15 13:32
.
Vor Suchlauf: 15 Verzeichnis(se), 291.643.944.960 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 292.576.108.544 Bytes frei
.
- - End Of File - - 1A879AC0C51CEA13957AC670B536B96E
FBF6A1D26A21FC12FC600ECEF12A81F3 [/QUOTE] |
|
15.06.2013, 14:59
| #10 |
| /// Malware-holic | Systemüberprüfung evtl. Virus Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.06.2013, 16:47
| #11 |
| | Systemüberprüfung evtl. Virus das gewünschte logfile Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.15.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Gerhard :: LABTOP [Administrator] Schutz: Aktiviert 15.06.2013 16:07:23 mbam-log-2013-06-15 (16-07-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 502517 Laufzeit: 1 Stunde(n), 31 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 1 C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
15.06.2013, 17:25
| #12 |
| /// Malware-holic | Systemüberprüfung evtl. Virus hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.06.2013, 18:10
| #13 |
| | Systemüberprüfung evtl. Virus also habe mich abgesprochen ich soll alles was er als Rentner nicht braucht entfernen nur das für sein Hobby behalten ist nen haufen mist drauf den kein mensch kennt weil immer anderer die zu besuch sind den pc nutzen konnten wird jetzt abgeschafft  PC, Frau und Haus verleiht man nicht Code:
ATTFilter Acrobat.com Adobe Systems Incorporated 19.08.2009 1,60MB 1.6.65 unekannt Adobe AIR Adobe Systems Incorporated 23.05.2013 3.7.0.1860 nötig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.06.2013 6,00MB 11.7.700.224 Nötig Adobe Photoshop Lightroom 3.4 64-bit Adobe 08.09.2011 381MB 3.4.1 unnötig Adobe Reader X (10.1.7) - Deutsch Adobe Systems Incorporated 16.05.2013 122MB 10.1.7 nötig AnyDVD SlySoft 05.05.2012 6.7.3.1 unnötig Audials Audials AG 11.11.2012 267MB 9.1.31900.0 unnötig avast! Free Antivirus AVAST Software 28.05.2013 8.0.1489.0 nötig Canon Easy-PhotoPrint EX 09.03.2012 nötig CCleaner Piriform 24.05.2013 4.02 unnötig CloneCD SlySoft 30.05.2011 unnötig CloneDVD2 Elaborate Bytes 30.05.2011 2.9.2.8 unnötig Compatibility Pack für 2007 Office System Microsoft Corporation 10.01.2013 286MB 12.0.6612.1000 nötig ConvertXtoDVD 4.1.19.365 20.03.2012 68,1MB 4.1.19.365 nötig CyberLink DVD Suite CyberLink Corp. 19.08.2009 17,4MB 6.0.3101 nötig CyberLink YouCam CyberLink Corp. 25.09.2009 78,3MB 2.0.3115 unbekannt Die ersten 10 Jahre 14.02.2011 1.00.0000 unbekannt DivxToDVD 0.5.2 VSO-Software SARL 04.03.2010 0.5.2 nötig DVD-Cover Printmaster 1.4 biu software 29.03.2012 524KB 1.4 unnötig Epson Stylus SX110_TX110 Handbuch 23.10.2010 unnötig EPSON SX110 Series Printer Uninstall SEIKO EPSON Corporation 04.02.2012 unnötig Firebird SQL Server - MAGIX Edition MAGIX AG 25.02.2012 11,5MB 2.1.31.0 unnötig Free YouTube to MP3 Converter version 3.12.0.128 DVDVideoSoft Ltd. 25.02.2013 72,7MB 3.12.0.128 unnötig Google Chrome Google Inc. 29.03.2012 27.0.1453.110 nötig Google Earth Plug-in Google 22.03.2013 80,7MB 7.0.3.8542 unnötig Google Toolbar for Internet Explorer Google Inc. 28.05.2013 7.4.3607.2246 unnötig Hdd Speed Test Tool v. 1.0.14 (RC 1) Marko Oette (oette.info) 20.09.2012 unnötig HP DVD Play 3.7 Hewlett-Packard 25.09.2009 3.7.0.6623 unnötig vorinstalliert HP Games WildTangent 25.09.2009 1.0.0.71unnötig vorinstalliert HP Quick Launch Buttons Hewlett-Packard Company 21.05.2010 6.50.16.1 unnötig vorinstalliert HP Setup Hewlett-Packard 19.08.2009 1.2.3220.3079 unnötig vorinstalliert HP Support Assistant Hewlett-Packard Company 20.03.2013 91,5MB 7.0.39.15 unnötig vorinstalliert HP Update Hewlett-Packard 19.08.2009 2,96MB 5.001.000.014 unnötig vorinstalliert HP User Guides 0148 Hewlett-Packard 19.08.2009 165MB 1.01.0005 unnötig vorinstalliert HP Wireless Assistant Hewlett-Packard 21.05.2010 4,00MB 3.50.11.2 unbekannt IDT Audio IDT 25.09.2009 1.0.6225.0 nötig Iminent Iminent 13.06.2013 6.23.53.0 unekannt Intel(R) Graphics Media Accelerator Driver Intel Corporation 25.09.2009 37,1GB nötig Java 7 Update 21 Oracle 07.03.2013 129MB 7.0.210 nötig (neuere version??) Java(TM) 6 Update 14 (64-bit) Sun Microsystems, Inc. 19.08.2009 90,6MB 6.0.140 unnötig JavaFX 2.1.1 Oracle Corporation 15.06.2012 20,8MB 2.1.1 unbekannt LabelPrint CyberLink Corp. 19.08.2009 280MB 2.5.1913 unbekannt LightScribe System Software LightScribe 25.09.2009 22,5MB 1.18.6.1 unbekannt Magic Desktop EasyBits Software AS 25.09.2009 unnötig vorinstalliert MAGIX Music Maker MX Production Suite Download-Version (Visuals) MAGIX AG 26.02.2012 1.0.0.0 unnötig MAGIX Screenshare MAGIX AG 25.02.2012 1,42MB 4.3.6.1987 unnötig MAGIX Speed burnR (MSI) MAGIX AG 25.02.2012 21,5MB 7.0.2.6 unnötig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 15.06.2013 19,2MB 1.75.0.1300 unnötig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 13.06.2013 38,8MB 4.0.30319 nötig Microsoft Office Enterprise 2007 Microsoft Corporation 15.03.2012 12.0.6612.1000 nötig Microsoft Office File Validation Add-In Microsoft Corporation 14.09.2011 7,95MB 14.0.5130.5003 nötig Microsoft Office Home and Student 2007 Microsoft Corporation 15.03.2012 12.0.6612.1000 nötig Microsoft Office Live Add-in 1.5 Microsoft Corporation 20.04.2012 508KB 2.0.4024.1 v nötig Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 10.01.2013 100MB 12.0.6612.1000 nötig Microsoft Office Suite Activation Assistant Microsoft Corporation 19.08.2009 8,36MB 2.9 nötig Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 03.07.2010 7,71MB 8.0.50727.42 unbekannt Microsoft Silverlight Microsoft Corporation 13.03.2013 50,6MB 5.1.20125.0 nötig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 25.09.2009 1,72MB 3.1.0000 nötig Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 30.01.2010 260KB 8.0.50727.4053 nötig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 30.01.2010 252KB 8.0.50727.4053 nötig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 8.0.56336 nötig Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 16.06.2011 572KB 8.0.61000 nötig Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 08.06.2011 580KB 8.0.51011 nötig Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 30.01.2010 200KB 9.0.30729.4148 nötig Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 08.06.2011 598KB 9.0.30729.5570 nötig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 20.09.2011 788KB 9.0.30729 nötig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 21.09.2011 788KB 9.0.30729.6161 nötig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 28.01.2010 596KB 9.0.30729 nötig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 24.03.2010 594KB 9.0.30729.4148 nötig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161 nötig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 09.03.2012 12,2MB 10.0.40219 nötig Microsoft Windows Media Video 9 VCM 07.03.2010 nötig Microsoft Works Microsoft Corporation 11.10.2012 1,18GB 9.7.0621 unnötig aber vorinstalliert MixPad Audiodatei-Mixer NCH Software 13.06.2013 unnötig Moorhuhn Pinball XXL 05.12.2010 nötig Moorhuhn WE AYCS 05.12.2010 nötig Move Media Player Move Networks 02.06.2010 nötig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 30.01.2010 1,27MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 30.01.2010 1,33MB 4.20.9876.0 unbekannt MSXML 4.0 SP3 Parser Microsoft Corporation 25.02.2012 1nötig,47MB 4.30.2100.0 unbekannt MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 11.07.2012 1,53MB 4.30.2114.0 unbekannt MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 1tig0.01.2013 1,54MB 4.30.2117.0 unbekannt MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 26.02.2012 1,53MB 4.30.2107.0 unbekannt muvee Reveal muvee Technologies Pte Ltd 25.09.2009 161MB 7.0.40.10061 unbekannt NCH_DE Toolbar NCH_DE 13.06.2013 6.13.3.1 unnötig Nero BackItUp 10 Nero AG 03.07.2010 107MB 5.4.11800.21.100 nötig Nero Burning ROM 10 Nero AG 03.07.2010 162MB 10.0.11100.10.100 nötig Nero BurnRights 10 Nero AG 03.07.2010 6,41MB 4.0.11000.12.100 nötig Nero CoverDesigner 10 Nero AG 03.07.2010 77,0MB 5.0.10900.11.100 nötig Nero DiscSpeed 10 Nero AG 03.07.2010 7,47MB 6.0.10800.7.100 nötig Nero Express 10 Nero AG 03.07.2010 159MB 10.0.11000.10.100 nötig Nero InfoTool 10 Nero AG 03.07.2010 8,35MB 7.0.10800.8.100 nötig Nero MediaHub 10 Nero AG 03.07.2010 157MB 1.0.13400.11.100 nötig Nero Multimedia Suite 10 Nero AG 03.07.2010 1,30GB 10.0.13200 nötig Nero Recode 10 Nero AG 03.07.2010 80,0MB 4.6.10900.4.100 nötig Nero RescueAgent 10 Nero AG 03.07.2010 6,82MB 3.0.10900.9.100 nötig Nero SoundTrax 10 Nero AG 03.07.2010 95,6MB 4.6.10600.2.100 nötig Nero StartSmart 10 Nero AG 03.07.2010 109MB 10.0.11200.12.100 nötig Nero Update Nero AG 03.07.2010 1,41MB 1.0.0017 nötig Nero Vision 10 Nero AG 03.07.2010 214MB 7.0.11100.8.100 nötig Nero WaveEditor 10 Nero AG 03.07.2010 76,6MB 5.6.10600.2.100 nötig PC Performer PerformerSoft LLC 13.06.2013 11,8MB 11.10 unnötig PhotoDVD 4.0.0.35 VSO Software SARL 22.08.2010 51,1MB 4.0.0.35 unbekannt Power2Go CyberLink Corp. 19.08.2009 199MB 6.0.3101 unbekannt PowerDirector CyberLink Corp. 19.08.2009 545MB 7.0.3101 unbekannt Realtek 8136 8168 8169 Ethernet Driver Realtek 25.09.2009 1.00.0007 nötig Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 25.09.2009 6.1.7100.30094 nötig simfy simfy AG 11.06.2013 1.7.3 nötig streamWriter 27.12.2011 5,20MB unbekannt und unnötig Text-To-Speech-Runtime Magix Development GmbH 25.02.2012 260KB 1.0.0.0 unbekannt TomTom HOME Ihr Firmenname 19.02.2013 48,5MB 2.9.3 nötig TomTom HOME Visual Studio Merge Modules TomTom International B.V. 19.02.2013 1,88MB 1.0.2 nötig Unreal Tournament G.O.T.Y. Edition 05.11.2010 unnötig Vodafone Mobile Broadband Vodafone 28.03.2013 65,5MB 10.3.203.38322 nötig VSO CopyToDVD 4 VSO Software 04.03.2010 4.3.1.2 unbekannt WavePad Audio-Editor NCH Software 13.06.2013 5.49 nötig WildTangent Games App WildTangent 17.05.2012 4.0.6.14 unbekannt WildTangent Games App (HP Games) WildTangent 22.12.2011 4.0.5.36 unbekannt Windows Live Anmelde-Assistent Microsoft Corporation 19.08.2009 1,93MB 5.000.818.5 unbekannt Windows Live Essentials Microsoft Corporation 19.08.2009 14.0.8064.0206 unbekannt Windows Live Sync Microsoft Corporation 25.09.2009 2,79MB 14.0.8064.206 unbekannt Windows Live-Uploadtool Microsoft Corporation 19.08.2009 224KB 14.0.8014.1029 unbekannt WinRAR 03.03.2010 nötig |
|
15.06.2013, 18:16
| #14 |
| /// Malware-holic | Systemüberprüfung evtl. Virus deinstaliere: Adobe Photoshop adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: AnyDVD Audials CloneCD CloneDVD2 Die ersten DVD-Cover EPSON : beide Firebird Free YouTube Google Earth Google Toolbar Hdd hp: alle außer HP Wireless Iminent Java(TM) 6 LabelPrint LightScribe Magic MAGIX : alle Malwarebytes MixPad Move : holt euch lieber vlc VideoLAN - Official page for VLC media player, the Open Source video framework! nur meine Meinung dazu deinstaliere: NCH_DE PC Performer PhotoDVD Power2Go PowerDirector streamWriter Text-To Unreal VSO WildTangent : beide Windows Live : alle für ihn unnötigen Öffne CCleaner, analysieren, starten, PC neustarten Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.06.2013, 20:00
| #15 |
| | Systemüberprüfung evtl. Virus so programme deinstalliert war ein riesenaufwand jetzt hab ich trotzdem noch ein Problem das sich bemerkbar gemacht hat beim schreiben springt der courser mittendrin einfach in der zeile zurück als ob jemand irgendwo anders hinklickt der rechner friert im browser und Desktop manchmal ein (keine rückmeldung) und die hp Programme liesen sich teilweise nicht deinstallieren pc hängt dann hier die letzte logfile Code:
ATTFilter # AdwCleaner v2.303 - Datei am 15/06/2013 um 20:53:45 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Gerhard - LABTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Gerhard\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Gerhard\AppData\Local\APN
Ordner Gelöscht : C:\Users\Gerhard\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Gerhard\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Gerhard\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Gerhard\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\Gerhard\AppData\Roaming\PerformerSoft
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3282494
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5b08f8bb335e941
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=06AB0CEEE69D3510 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Google Chrome v27.0.1453.110
Datei : C:\Users\Gerhard\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.60] : icon_url = "hxxp://www.holasearch.com/favicon.ico",
Gelöscht [l.63] : keyword = "holasearch.com",
Gelöscht [l.67] : search_url = "hxxp://www.holasearch.com/?q={searchTerms}&affID=121962&babsrc=SP_ss&mntrId=0[...]
Gelöscht [l.2716] : urls_to_restore_on_startup = [ "hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId[...]
*************************
AdwCleaner[S1].txt - [13292 octets] - [15/06/2013 20:53:45]
########## EOF - C:\AdwCleaner[S1].txt - [13353 octets] ##########
|
|
| Themen zu Systemüberprüfung evtl. Virus |
| automatisch, benötige, besonders, deinstallation, downloads, installieren, installiert, kaufen, nicht mehr, programm, recovery, registry, sonstiges, start, stehe, system, systemüberprüfung, treiber, vater, virus, vorgehen, wenig, wlan, wlan treiber |
WARNUNG an die MITLESER: 
Linear-Darstellung
