Pests of all kinds and how to fight them: Sm.de and Delta-Search when loading Chrome (Windows 7)
16.06.2013, 17:13 | #1
Sm.de and Delta-Search when loading Chrome

Hello dear Trojaner, after working through an article on removing delta-search, I am turning to you after all, since unfortunately I could not get rid of the problem on my own. The automatic loading of Sm.de and delta-Search occurs only in Chrome. I have attached the requested text files: OTL.txt, Extra.txt and Gmer.txt.

OTL:
Code:
OTL logfile created on: 16.06.2013 15:13:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Arbeitskonto Bernd\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 42,96% Memory free 4,00 Gb Paging File | 2,35 Gb Available in Paging File | 58,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,39 Gb Total Space | 97,09 Gb Free Space | 66,32% Space Free | Partition Type: NTFS Drive F: | 226,12 Gb Total Space | 225,97 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive G: | 465,65 Gb Total Space | 395,94 Gb Free Space | 85,03% Space Free | Partition Type: FAT32 Drive H: | 465,76 Gb Total Space | 254,29 Gb Free Space | 54,60% Space Free | Partition Type: NTFS Computer Name: BERNDS-PC | User Name: Bernd | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.16 15:08:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arbeitskonto Bernd\Downloads\OTL.exe PRC - [2013.06.05 21:31:36 | 012,418,400 | ---- | M] (SugarSync, Inc.) -- C:\Program Files (x86)\SugarSync\SugarSync.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.08.30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe PRC - [2012.08.15 14:50:54 | 006,054,824 | ---- | M] (Kaspersky Lab) -- C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2012.08.03 14:29:10 | 003,400,600 | ---- | M] (ashampoo GmbH & Co. KG) -- C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe PRC - [2010.10.22 02:00:00 | 002,105,344 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe ========== Modules (No Company Name) ========== MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012.08.30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtGui4.dll MOD - [2012.08.30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtScript4.dll MOD - [2012.08.30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky PURE 2.0\QtSql4.dll MOD - [2012.08.30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtDeclarative4.dll MOD - [2012.08.30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtCore4.dll MOD - [2012.08.30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtNetwork4.dll MOD - [2012.08.30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2012.08.03 14:29:16 | 000,042,904 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\MouseHook.dll MOD - [2011.09.05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll MOD - [2011.09.05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.04.27 17:23:24 | 000,916,992 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\atwtusb.exe -- (WTService) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.06.13 20:42:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.31 09:58:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.19 
22:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.02.08 20:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2013.02.07 14:31:20 | 000,660,504 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.09.26 13:25:07 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service) SRV - [2012.08.30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP) SRV - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.21 01:53:42 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) SRV - [2010.01.21 01:53:42 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] 
(Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.13 12:40:54 | 000,636,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2013.02.07 14:15:22 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI) DRV:64bit: - [2013.01.30 13:11:50 | 000,347,904 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sscbfs3.sys -- (SSCBFS3) DRV:64bit: - [2013.01.03 10:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2013.01.03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2013.01.03 10:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2013.01.03 10:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.02 12:31:04 | 000,177,152 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu1x64.sys -- (cxbu1x64) DRV:64bit: - [2011.11.03 04:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2011.10.20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2011.10.20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft 
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.10.22 02:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.09.30 21:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 21:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.03.04 18:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009.12.14 12:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec) DRV:64bit: - [2009.12.14 12:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv) DRV:64bit: - [2009.11.24 18:33:50 | 000,028,264 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.08.26 15:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini) DRV:64bit: - 
[2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.08 21:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{54C92EDA-8FEF-42B8-9369-606684135B64}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=23A8E1C8-D151-4C13-918F-1FDFD816A9D8&apn_sauid=B0C19447-0D10-4A4A-B143-39F55CD828F2 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: 
%7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.05.09 10:51:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2013.05.13 12:42:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2013.05.13 12:42:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2013.05.13 12:41:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 10:14:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 19:15:23 | 000,000,000 | ---D | M] [2012.09.26 13:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\Extensions [2013.05.20 12:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\wuk9gph8.default\extensions [2013.05.20 12:53:55 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\wuk9gph8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.31 09:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.31 09:58:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} 
[2013.05.09 10:51:13 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT [2013.02.25 05:55:08 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\Microsoft 
Office\Office14\NPSPWRAP.DLL CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Arbeitskonto 
Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.1.288_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Arbeitskonto Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.1.288_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Arbeitskonto Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.1.288_0\plugin/npUrlAdvisor.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - Extension: Google Docs = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - 
Extension: Modul zur Link-Untersuchung = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\ CHR - Extension: Logitech SetPoint = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\ CHR - Extension: Google Mail = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Programme\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\RunOnce: [*ForceDelete] C:\Users\Arbeitskonto Bernd\Downloads\adwcleaner.exe () O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [Report] \AdwCleaner[S1].txt () O4 - HKCU..\RunOnce: [SyncAppRunOnce] C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\Creative Cloud Connection.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\Microsoft Office\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\Microsoft Office\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\Microsoft Office\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - 
res://C:\PROGRA~2\Microsoft Office\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - 
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F941680-2485-4E9B-8964-6CE87202091A}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ED5F535-8115-466B-8126-D6B81EB2C246}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysNative\SSCbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:64bit: - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\SysNative\SSCbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 0 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.06 15:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari [2013.06.06 15:58:23 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\Apple [2013.06.06 15:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.06.06 15:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple ========== Files - Modified Within 30 Days ========== [2013.06.16 15:12:06 | 000,000,000 | ---- | M] () -- C:\Users\Bernd\defogger_reenable [2013.06.16 15:03:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.16 15:03:04 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.16 15:03:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.16 14:57:01 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3566009820-3197285289-3489268995-1003UA.job [2013.06.16 14:51:15 | 000,025,680 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.16 14:51:15 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.16 14:38:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.14 14:03:20 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3566009820-3197285289-3489268995-1003Core.job [2013.06.08 09:29:23 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.08 09:29:23 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.08 09:29:23 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.08 09:29:23 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.08 09:29:23 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.07 09:11:12 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.06 19:02:30 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2013.05.29 13:44:16 | 000,000,560 | ---- | M] () -- C:\Windows\ulead32.ini [2013.05.18 12:50:41 | 001,589,618 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2013.06.16 15:12:06 | 000,000,000 | ---- | C] () -- C:\Users\Bernd\defogger_reenable [2013.06.06 15:59:58 | 000,002,533 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2013.06.06 15:59:58 | 000,002,521 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2013.06.06 15:58:19 | 000,002,563 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.05.17 19:17:02 | 001,589,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.17 22:17:39 | 000,000,188 | ---- | C] () -- C:\ProgramData\.vslscantool_path [2013.03.04 19:07:52 | 000,001,056 | -HS- | C] () -- 
C:\ProgramData\KGyGaAvL.sys [2013.03.04 18:43:26 | 000,000,105 | R--- | C] () -- C:\ProgramData\Ppster.ini [2013.03.04 18:35:53 | 000,844,288 | ---- | C] () -- C:\Windows\RmTablet.exe [2013.02.11 11:28:24 | 000,000,033 | ---- | C] () -- C:\Users\Bernd\.STICK_TYP_VOREINSTELLUNG [2013.01.27 15:29:23 | 000,003,584 | ---- | C] () -- C:\Users\Bernd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.24 18:54:09 | 000,000,755 | ---- | C] () -- C:\Users\Bernd\AppData\Local\recently-used.xbel [2012.09.27 13:26:00 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.09.26 10:05:25 | 000,000,560 | ---- | C] () -- C:\Windows\ulead32.ini [2012.09.25 16:56:04 | 000,017,408 | ---- | C] () -- C:\Users\Bernd\AppData\Local\WebpageIcons.db [2010.05.05 12:25:54 | 000,089,816 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\Elster-Bar.bmp [2009.06.15 15:39:34 | 000,324,137 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\elster_1001.jpg [2009.06.15 15:39:34 | 000,275,898 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\Bitmapwhite.bmp [2009.06.15 15:39:34 | 000,174,680 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\ELSTER.bmp [2009.06.15 15:39:34 | 000,174,678 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\ELSTER.orig.bmp [2009.06.15 15:39:34 | 000,127,002 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\offen0.jpg [2009.06.15 15:39:34 | 000,109,477 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\Nutzungsbedingungen GuDMW SW deutsch.rtf [2009.06.15 15:39:34 | 000,009,352 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\ST-GuDStarSignUSBTokenfuerELSTER.jpg ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.05 10:33:28 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\capella-software [2013.04.30 21:35:20 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\CloudSync [2012.09.27 20:10:30 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Dropbox [2013.01.27 15:06:30 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\DVDVideoSoft [2013.02.12 16:37:00 | 000,000,000 | 
---D | M] -- C:\Users\Bernd\AppData\Roaming\eBookConverter [2013.01.24 17:50:52 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\inkscape [2013.05.09 10:52:26 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Leadertech [2013.05.15 17:13:07 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Notepad++ [2013.01.29 16:55:42 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Nvu [2012.10.03 09:02:30 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\OpenOffice.org [2012.11.06 12:16:07 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Orbit [2012.09.26 09:34:37 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Ordner HP Share-to-Web [2012.12.31 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\SolidDocuments [2012.09.25 17:13:36 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Thunderbird [2013.04.29 13:52:58 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 16.06.2013 15:13:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Arbeitskonto Bernd\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 42,96% Memory free 4,00 Gb Paging File | 2,35 Gb Available in Paging File | 58,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,39 Gb Total Space | 97,09 Gb Free Space | 66,32% Space Free | Partition Type: NTFS Drive F: | 226,12 Gb Total Space | 225,97 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive G: | 465,65 Gb Total Space | 395,94 Gb Free Space | 85,03% Space Free | Partition Type: FAT32 Drive H: | 465,76 Gb Total Space | 254,29 Gb Free Space | 54,60% Space Free | Partition Type: NTFS Computer Name: BERNDS-PC | User Name: Bernd | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.) 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .js [@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03B00AA4-634B-486D-99F7-FAC09FD0F5FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0D193E47-6CF5-4484-824D-42948EFE9966}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0D59DA52-D888-4525-8778-C1D481E8C322}" = 
lport=2869 | protocol=6 | dir=in | app=system | "{16DEA1AF-078B-46B7-8C0A-A133D9D72551}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{191C8993-3FA3-4A17-B282-897B631556E9}" = rport=139 | protocol=6 | dir=out | app=system | "{24A7148A-C8CF-4121-8298-5AABEFCC2F00}" = rport=445 | protocol=6 | dir=out | app=system | "{293491EA-A7F3-48F9-9F55-C901F47C4AB1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{31C79781-871D-4ACD-A4F2-95A73D532280}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{33567C6E-4768-4A91-B66E-0AD26BC812CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{50FA527D-4C17-451C-866B-0B556C62F71B}" = lport=7682 | protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe edge inspect\edgeinspect.exe | "{555A155A-7720-470E-911F-E9C6B977BE45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C9F5DEA-069D-47EF-8DC6-7145C90A3B00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8EA618ED-8FFE-4CAC-B035-2E55C9A653D7}" = lport=10243 | protocol=6 | dir=in | app=system | "{9A75E881-437E-472E-B739-E8BE161ED086}" = rport=10243 | protocol=6 | dir=out | app=system | "{B306A6F4-283B-49D1-ACFB-1202B34DEDC8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B674F553-BDFF-434E-9988-9AEC18BF9C7F}" = rport=138 | protocol=17 | dir=out | app=system | "{B9017B44-5B50-4507-B474-163C856F0269}" = lport=139 | protocol=6 | dir=in | app=system | "{BB5FE97D-3770-44A2-8992-B5232E9D0533}" = rport=137 | protocol=17 | dir=out | app=system | "{CACD059D-E3A5-4074-B93D-50CB083E74AE}" = lport=138 | protocol=17 | dir=in | app=system | "{DBBC0677-F44D-48B8-965C-ED6817A7157F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E578A58B-9A66-4343-BEE3-21EF160029F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E694BD13-E8D3-442A-879A-5E7CCF7714BF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EF9AE0A9-749B-4FE5-8DF8-ED4C2FF2A4FC}" = lport=445 | protocol=6 | dir=in | app=system | "{F91D5449-3877-4DDA-87B9-CCDA0C871727}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01102596-C954-4E86-8FED-AEA4071C4EB3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{056ECCB7-F4EA-4307-BCFC-A79E09F7933C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0BD88ABE-228D-4D20-81E5-1429904D0F17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3A5E8DA2-41BB-4320-9E99-EEFDF275C78F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{41457AA9-B8CF-4562-8289-CA1718A35DD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4A546A85-8A74-406F-8A4C-8061B7CD5B4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5E97E75C-927F-4509-8CA5-DB307DF074DD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{60AD63EF-70A0-42D8-A9D4-0F1E40BDCB2D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{673DC34C-5A1A-43B9-8AAA-6E9636DC5169}" = protocol=17 | dir=in | app=c:\users\arbeitskonto bernd\appdata\roaming\dropbox\bin\dropbox.exe | "{7AB12026-FA91-4330-8011-251C7BE30407}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7D441278-661D-4DCE-876D-1E7CC43FDAC5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9321E47E-BDEF-49E5-8933-6CD15CC85DD0}" = protocol=6 | dir=out | app=system | "{96FA182E-D3B9-4F63-8C43-912D324A36F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9E1B576E-D1EC-4214-A04E-57913926F3FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A070D9E2-7A77-45E9-A227-020FAF053EFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A1B8E376-23F2-4C2E-A0E1-E6C6B6531E7E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A34C7782-EA47-4263-851D-798ABE5A0223}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A50269D7-C0A8-418C-93FA-8D25C59EDFF3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B52F46BE-8F3E-412A-82A5-6CF2041FE3E1}" = protocol=6 | dir=in | app=c:\users\arbeitskonto bernd\appdata\roaming\dropbox\bin\dropbox.exe | "{C1A6C400-3AA3-448E-A376-23479B61D6F1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C6DE05A2-329A-4AA9-912C-5177018D2B48}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F02685BB-0AED-486F-9989-F38D0BF706B5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{F5405B02-6EE6-4C93-996D-3574B24ADEA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver "{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit "{1C6C05E6-FF52-4A03-BCA5-1497579B0B89}" = calibre 64bit "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 
edition) "{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{636BAD38-26BC-4BD8-802B-F18ED2D48D65}" = G&D StarSign USB Token für ELSTER "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{939913F9-F134-4E9E-B879-BE6755B69952}" = USB CCID Smartcard Reader - Version 1.2.1.2 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.83 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.83 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CutePDF Writer Installation" = CutePDF Writer 2.9 "GPL Ghostscript 9.06" = GPL Ghostscript "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "RmTablet" = Tablet Driver With Macrokey Manager "sp6" = Logitech SetPoint 6.52 "VLC media player" = VLC media player 2.0.6 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004 "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{181241DD-2FC2-4CF9-94CE-97F3E37D6F0B}" = Adobe Edge Animate "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive "{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}" = Adobe Touch App Plugins "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl "{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0 "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{41A12FFC-89E9-4743-A51E-00975CA31F40}" = Adobe Exchange Panel "{4932BCEA-E142-4A41-B3D2-0934EBE24CB4}" = Adobe Edge Reflow Preview "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink "{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns "{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR "{668B80AF-D98F-42FC-8EE1-36252B03C5C9}_is1" = MIDI4all "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{776B5EBF-72E9-4FBB-9CAB-F029F7500FFF}" = capella-scan 8.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content "{893B3B44-0A1E-404B-8FE8-0A74509102A9}" = Adobe Creative Cloud Connection "{8A22263A-70C9-48CA-8C78-545ECBA566AE}" = capella-scan 8 Ergänzungswörterbücher "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{C8550C86-A712-4219-AD4C-038C9FD1D149}" = Ulead PhotoImpact 11 "{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{D3873CF8-9608-402B-88AD-D73B5FFAAED8}" = capella 7 "{D4BE5664-4F9A-4655-BCAB-A9E134DB365E}" = capella-scan 7.0 "{D830EE30-BF0C-42B7-A13C-927A379353ED}" = Adobe Edge Inspect "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = 
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81 "Ashampoo Snap 5_is1" = Ashampoo Snap 5 v.5.1.5 "Audacity_is1" = Audacity 2.0.2 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit) "AVMWLANCLI" = AVM FRITZ!WLAN "AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor_is1" = AVS Video Editor 6 "AVS Video Recorder_is1" = AVS Video Recorder 2.5 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "com.adobe.WidgetBrowser" = Adobe Widget Browser "Demo-capella-Vienna-orchestra_is1" = Demo-capella-Vienna-orchestra 1.20 "Direct MIDI to MP3 Converter_is1" = Direct MIDI to MP3 Converter Version 7.0.0.0 "Driver Genius_is1" = Driver Genius "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "FileZilla Client" = FileZilla Client 3.7.0.1 "Finale NotePad 2012" = Finale NotePad 2012 "Google Chrome" = Google Chrome "Hear & Play Song Learner Pro_is1" = Hear & Play Song Learner Pro "Inkscape" = Inkscape 0.48.4 "InstallShield_{636BAD38-26BC-4BD8-802B-F18ED2D48D65}" = G&D StarSign USB Token für ELSTER "InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0 "LAME_is1" = LAME v3.99.3 (for Windows) "MatheAss_is1" = MatheAss 8.2 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance 
Service "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Notepad++" = Notepad++ "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Secunia PSI" = Secunia PSI (3.0.0.6005) "SugarSync" = SugarSync "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.06.2013 06:18:36 | Computer Name = Bernds-PC | Source = MsiInstaller | ID = 11706 Description = Error - 16.06.2013 06:18:51 | Computer Name = Bernds-PC | Source = MsiInstaller | ID = 11706 Description = Error - 16.06.2013 06:53:50 | Computer Name = Bernds-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 27.0.1453.110, Zeitstempel: 0x51a566a7 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bc21 ID des fehlerhaften Prozesses: 0x15f8 Startzeit der fehlerhaften Anwendung: 0x01ce6a7720661ef6 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: 067f2562-d673-11e2-a6cc-246511c0671c Error - 16.06.2013 07:56:29 | Computer Name = Bernds-PC | Source = WinMgmt | ID = 10 Description = Error - 16.06.2013 08:29:50 | Computer Name = Bernds-PC | Source = WinMgmt | ID = 10 Description = Error - 16.06.2013 08:38:49 | Computer Name = Bernds-PC | Source = WinMgmt | ID = 10 Description = Error - 16.06.2013 08:48:52 | Computer Name = Bernds-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 27.0.1453.110, Zeitstempel: 0x51a566a7 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bc21 ID des fehlerhaften Prozesses: 0x1560 
Startzeit der fehlerhaften Anwendung: 0x01ce6a8fa6ce265e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: 18af660c-d683-11e2-8e88-246511c0671c Error - 16.06.2013 09:12:55 | Computer Name = Bernds-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 27.0.1453.110, Zeitstempel: 0x51a566a7 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bc21 ID des fehlerhaften Prozesses: 0x260 Startzeit der fehlerhaften Anwendung: 0x01ce6a90500a61c9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: 7480cb97-d686-11e2-8e88-246511c0671c Error - 16.06.2013 09:15:03 | Computer Name = Bernds-PC | Source = MsiInstaller | ID = 11706 Description = Error - 16.06.2013 09:15:16 | Computer Name = Bernds-PC | Source = MsiInstaller | ID = 11706 Description = [ System Events ] Error - 16.06.2013 08:01:46 | Computer Name = Bernds-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 16.06.2013 08:27:31 | Computer Name = Bernds-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 16.06.2013 08:27:50 | Computer Name = Bernds-PC | Source = SCardSvr | ID = 602 Description = Error - 16.06.2013 08:30:36 | Computer Name = Bernds-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. 
Error - 16.06.2013 08:31:06 | Computer Name = Bernds-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 16.06.2013 08:34:59 | Computer Name = Bernds-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 16.06.2013 08:38:04 | Computer Name = Bernds-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 16.06.2013 08:38:19 | Computer Name = Bernds-PC | Source = SCardSvr | ID = 602 Description = Error - 16.06.2013 08:40:52 | Computer Name = Bernds-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht. Error - 16.06.2013 08:42:48 | Computer Name = Bernds-PC | Source = DCOM | ID = 10010 Description = < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-16 17:48:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 SAMSUNG_ rev.CT10 372,61GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Bernd\AppData\Local\Temp\pwdiipog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a90018 5 bytes JMP 000000016b8c17e3 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000010779a47c .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000010779a494 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 0000000076e91431 2 bytes JMP 000000010779a4ac .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 0000000076e9144a 2 bytes JMP 0000000076f5fcc5 .text ... 
* 9 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 0000000076e914dd 2 bytes JMP 000000010779a558 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 0000000076e914f5 2 bytes JMP 000000010779a570 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 0000000076e9150d 2 bytes JMP 000000010779a588 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 0000000076e91525 2 bytes JMP 000000010779a5a0 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 0000000076e9153d 2 bytes JMP 000000010779a5b8 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 0000000076e91555 2 bytes JMP 000000010779a5d0 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 0000000076e9156d 2 bytes JMP 000000010779a5e8 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 0000000076e91585 2 bytes JMP 000000010779a600 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 0000000076e9159d 2 bytes JMP 000000010779a618 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 0000000076e915b5 2 bytes JMP 000000010779a630 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 0000000076e915cd 2 bytes JMP 000000015d37ce48 .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] 
C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 0000000076e916b2 2 bytes JMP 000000010779a72d .text C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe[2636] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 0000000076e916bd 2 bytes JMP 000000010779a738 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000010779a47c .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000010779a494 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e91431 2 bytes JMP 000000010779a4ac .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e9144a 2 bytes JMP 0000000076f5fcc5 .text ... * 9 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e914dd 2 bytes JMP 000000010779a558 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e914f5 2 bytes JMP 000000010779a570 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e9150d 2 bytes JMP 000000010779a588 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e91525 2 bytes JMP 000000010779a5a0 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e9153d 2 bytes JMP 000000010779a5b8 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e91555 2 bytes JMP 000000010779a5d0 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 
17 0000000076e9156d 2 bytes JMP 000000010779a5e8 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e91585 2 bytes JMP 000000010779a600 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e9159d 2 bytes JMP 000000010779a618 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e915b5 2 bytes JMP 000000010779a630 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e915cd 2 bytes JMP 000000015d37ce48 .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e916b2 2 bytes JMP 000000010779a72d .text C:\Program Files (x86)\SugarSync\SugarSync.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e916bd 2 bytes JMP 000000010779a738 .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000010779a47c .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000010779a494 .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 0000000076e91431 2 bytes JMP 000000010779a4ac .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 0000000076e9144a 2 bytes JMP 0000000076f5fcc5 .text ... 
* 9 .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 0000000076e914dd 2 bytes JMP 000000010779a558 .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 0000000076e914f5 2 bytes JMP 000000010779a570 .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 0000000076e9150d 2 bytes JMP 000000010779a588 .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 0000000076e91525 2 bytes JMP 000000010779a5a0 .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 0000000076e9153d 2 bytes JMP 000000010779a5b8 .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 0000000076e91555 2 bytes JMP 000000010779a5d0 .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 0000000076e9156d 2 bytes JMP 000000010779a5e8 .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 0000000076e91585 2 bytes JMP 000000010779a600 .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 0000000076e9159d 2 bytes JMP 000000010779a618 .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 0000000076e915b5 2 bytes JMP 000000010779a630 .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 0000000076e915cd 2 bytes JMP 000000015d37ce48 .text 
C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 0000000076e916b2 2 bytes JMP 000000010779a72d .text C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe[3108] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 0000000076e916bd 2 bytes JMP 000000010779a738 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000010779a47c .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000010779a494 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e91431 2 bytes JMP 000000010779a4ac .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e9144a 2 bytes JMP 0000000076f5fcc5 .text ... 
* 9 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e914dd 2 bytes JMP 000000010779a558 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e914f5 2 bytes JMP 000000010779a570 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e9150d 2 bytes JMP 000000010779a588 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e91525 2 bytes JMP 000000010779a5a0 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e9153d 2 bytes JMP 000000010779a5b8 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e91555 2 bytes JMP 000000010779a5d0 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076e9156d 2 bytes JMP 000000010779a5e8 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e91585 2 bytes JMP 000000010779a600 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e9159d 2 bytes JMP 000000010779a618 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e915b5 2 bytes JMP 000000010779a630 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e915cd 2 bytes JMP 000000015d37ce48 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e916b2 2 bytes JMP 000000010779a72d .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e916bd 2 bytes JMP 000000010779a738 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000010779a47c .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000010779a494 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 0000000076e91431 2 bytes JMP 000000010779a4ac .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 0000000076e9144a 2 bytes JMP 0000000076f5fcc5 .text ... * 9 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 0000000076e914dd 2 bytes JMP 000000010779a558 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 0000000076e914f5 2 bytes JMP 000000010779a570 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 0000000076e9150d 2 bytes JMP 000000010779a588 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 0000000076e91525 2 bytes JMP 000000010779a5a0 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 0000000076e9153d 2 bytes JMP 000000010779a5b8 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 0000000076e91555 2 bytes JMP 000000010779a5d0 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] 
C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 0000000076e9156d 2 bytes JMP 000000010779a5e8 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 0000000076e91585 2 bytes JMP 000000010779a600 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 0000000076e9159d 2 bytes JMP 000000010779a618 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 0000000076e915b5 2 bytes JMP 000000010779a630 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 0000000076e915cd 2 bytes JMP 000000015d37ce48 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 0000000076e916b2 2 bytes JMP 000000010779a72d .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[3468] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 0000000076e916bd 2 bytes JMP 000000010779a738 .text C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075274945 6 bytes JMP 5f070f5a .text C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\USER32.dll!LoadStringW 00000000767b8eb9 6 bytes JMP 5f040f5a .text C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000010779a47c .text C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe[3728] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000010779a494 .text C:\PROGRA~2\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password 
16.06.2013, 17:42 | #2 |
/// Malware-holic | Hi,
please post the AdwCleaner log. Please download TDSSKiller.exe and save this file to the desktop.
16.06.2013, 18:17 | #3 |
| Hello markusg,
here are the logs:
AdwCleaner logfile: Code:
# AdwCleaner v2.303 - Datei am 16/06/2013 um 18:55:47 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Bernd - BERNDS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Arbeitskonto Bernd\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\wuk9gph8.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Arbeitskonto Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\9xvjz5ff.default\prefs.js
[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.110
Datei : C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Arbeitskonto Bernd\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.3476] : urls_to_restore_on_startup = [ "hxxps://www.google.de/webhp?hl=de&source=hp&btnG=Google-Suche[...]

*************************

AdwCleaner[S1].txt - [15204 octets] - [16/06/2013 14:18:50]
AdwCleaner[S2].txt - [1305 octets] - [16/06/2013 18:55:47]

########## EOF - \AdwCleaner[S2].txt - [1365 octets] ##########

TDSSKiller Code:
4804 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 19:08:26.0351 4804 netprofm - ok 19:08:26.0362 4804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:08:26.0376 4804 NetTcpActivator - ok 19:08:26.0383 4804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:08:26.0411 4804 NetTcpPortSharing - ok 19:08:26.0431 4804 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 19:08:26.0450 4804 nfrd960 - ok 19:08:26.0482 4804 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:08:26.0520 4804 NlaSvc - ok 19:08:26.0539 4804 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:08:26.0580 4804 Npfs - ok 19:08:26.0610 4804 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:08:26.0668 4804 nsi - ok 19:08:26.0691 4804 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:08:26.0748 4804 nsiproxy - ok 19:08:26.0787 4804 [ 13C0D9CBA38FFA6D0C9E721B5E7212A0 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 19:08:26.0803 4804 nSvcIp - ok 19:08:26.0869 4804 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:08:26.0920 4804 Ntfs - ok 19:08:26.0934 4804 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 19:08:26.0991 4804 Null - ok 19:08:27.0024 4804 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys 19:08:27.0152 4804 nusb3hub - ok 19:08:27.0179 4804 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys 19:08:27.0287 4804 nusb3xhc - ok 19:08:27.0340 4804 [ D60EB33D07A8C0D9CCA4265480A6CAB6 ] nvamacpi C:\Windows\system32\DRIVERS\NVAMACPI.sys 19:08:27.0408 4804 nvamacpi - ok 19:08:27.0451 4804 [ 
A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys 19:08:27.0485 4804 NVENETFD - ok 19:08:27.0819 4804 [ C47D6B7299BA80A210BCAFA81AC978A1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:08:28.0327 4804 nvlddmkm - ok 19:08:28.0413 4804 [ BD25E03EAD63AC3365F25175B4DBD56A ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys 19:08:28.0434 4804 NVNET - ok 19:08:28.0474 4804 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:08:28.0493 4804 nvraid - ok 19:08:28.0515 4804 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:08:28.0533 4804 nvstor - ok 19:08:28.0569 4804 [ 71B6ECD3C56FBF12FB1968DA3953B703 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys 19:08:28.0584 4804 nvstor64 - ok 19:08:28.0620 4804 [ 522845124DA947B2372C6F606CD105A8 ] nvsvc C:\Windows\system32\nvvsvc.exe 19:08:28.0638 4804 nvsvc - ok 19:08:28.0702 4804 [ A3A25E0509F67473B960DAF214828BE3 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 19:08:28.0752 4804 nvUpdatusService - ok 19:08:28.0775 4804 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:08:28.0792 4804 nv_agp - ok 19:08:28.0821 4804 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:08:28.0847 4804 ohci1394 - ok 19:08:28.0908 4804 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:08:28.0924 4804 ose - ok 19:08:29.0099 4804 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 19:08:29.0215 4804 osppsvc - ok 19:08:29.0279 4804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:08:29.0325 4804 p2pimsvc - ok 19:08:29.0348 4804 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:08:29.0373 4804 p2psvc - ok 19:08:29.0413 
4804 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:08:29.0446 4804 Parport - ok 19:08:29.0471 4804 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:08:29.0488 4804 partmgr - ok 19:08:29.0511 4804 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:08:29.0553 4804 PcaSvc - ok 19:08:29.0563 4804 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:08:29.0583 4804 pci - ok 19:08:29.0599 4804 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:08:29.0614 4804 pciide - ok 19:08:29.0631 4804 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 19:08:29.0652 4804 pcmcia - ok 19:08:29.0659 4804 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:08:29.0676 4804 pcw - ok 19:08:29.0706 4804 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:08:29.0771 4804 PEAUTH - ok 19:08:29.0837 4804 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 19:08:29.0892 4804 PeerDistSvc - ok 19:08:29.0966 4804 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:08:30.0172 4804 PerfHost - ok 19:08:30.0241 4804 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:08:30.0321 4804 pla - ok 19:08:30.0364 4804 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:08:30.0399 4804 PlugPlay - ok 19:08:30.0415 4804 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:08:30.0445 4804 PNRPAutoReg - ok 19:08:30.0473 4804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:08:30.0493 4804 PNRPsvc - ok 19:08:30.0532 4804 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:08:30.0594 4804 PolicyAgent - ok 19:08:30.0627 4804 [ 
6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:08:30.0687 4804 Power - ok 19:08:30.0752 4804 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:08:30.0808 4804 PptpMiniport - ok 19:08:30.0826 4804 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 19:08:30.0860 4804 Processor - ok 19:08:30.0903 4804 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 19:08:30.0946 4804 ProfSvc - ok 19:08:30.0963 4804 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:08:30.0981 4804 ProtectedStorage - ok 19:08:31.0008 4804 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:08:31.0064 4804 Psched - ok 19:08:31.0117 4804 [ DD3FD48D69F5FBBB21D46D1514C1C2DB ] PSI C:\Windows\system32\DRIVERS\psi_mf_amd64.sys 19:08:31.0163 4804 PSI - ok 19:08:31.0192 4804 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 19:08:31.0210 4804 PSI_SVC_2 - ok 19:08:31.0252 4804 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 19:08:31.0267 4804 PxHlpa64 - ok 19:08:31.0587 4804 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 19:08:31.0634 4804 ql2300 - ok 19:08:31.0655 4804 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 19:08:31.0673 4804 ql40xx - ok 19:08:31.0709 4804 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 19:08:31.0737 4804 QWAVE - ok 19:08:31.0751 4804 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:08:31.0784 4804 QWAVEdrv - ok 19:08:31.0805 4804 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:08:31.0846 4804 RasAcd - ok 19:08:31.0889 4804 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn 
C:\Windows\system32\DRIVERS\AgileVpn.sys 19:08:31.0930 4804 RasAgileVpn - ok 19:08:31.0948 4804 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 19:08:32.0002 4804 RasAuto - ok 19:08:32.0020 4804 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:08:32.0069 4804 Rasl2tp - ok 19:08:32.0092 4804 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 19:08:32.0139 4804 RasMan - ok 19:08:32.0147 4804 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:08:32.0205 4804 RasPppoe - ok 19:08:32.0221 4804 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:08:32.0281 4804 RasSstp - ok 19:08:32.0311 4804 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:08:32.0356 4804 rdbss - ok 19:08:32.0364 4804 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:08:32.0397 4804 rdpbus - ok 19:08:32.0414 4804 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:08:32.0455 4804 RDPCDD - ok 19:08:32.0490 4804 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 19:08:32.0555 4804 RDPDR - ok 19:08:32.0570 4804 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:08:32.0620 4804 RDPENCDD - ok 19:08:32.0639 4804 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:08:32.0681 4804 RDPREFMP - ok 19:08:32.0770 4804 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 19:08:32.0818 4804 RdpVideoMiniport - ok 19:08:32.0845 4804 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:08:32.0940 4804 RDPWD - ok 19:08:32.0956 4804 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:08:32.0976 4804 rdyboost - ok 19:08:33.0000 4804 [ 
254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:08:33.0046 4804 RemoteAccess - ok 19:08:33.0098 4804 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:08:33.0211 4804 RemoteRegistry - ok 19:08:33.0263 4804 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:08:33.0363 4804 RpcEptMapper - ok 19:08:33.0392 4804 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 19:08:33.0427 4804 RpcLocator - ok 19:08:33.0459 4804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 19:08:33.0505 4804 RpcSs - ok 19:08:33.0538 4804 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:08:33.0582 4804 rspndr - ok 19:08:33.0609 4804 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 19:08:33.0635 4804 s3cap - ok 19:08:33.0651 4804 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 19:08:33.0667 4804 SamSs - ok 19:08:33.0675 4804 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:08:33.0693 4804 sbp2port - ok 19:08:33.0709 4804 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:08:33.0756 4804 SCardSvr - ok 19:08:33.0770 4804 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:08:33.0822 4804 scfilter - ok 19:08:33.0861 4804 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 19:08:33.0930 4804 Schedule - ok 19:08:33.0962 4804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:08:34.0002 4804 SCPolicySvc - ok 19:08:34.0022 4804 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:08:34.0073 4804 SDRSVC - ok 19:08:34.0095 4804 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:08:34.0154 4804 secdrv - ok 19:08:34.0174 4804 [ 
BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:08:34.0215 4804 seclogon - ok 19:08:34.0289 4804 [ E43C0D32FF2D9A72F2D975B83B916964 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe 19:08:34.0332 4804 Secunia PSI Agent - ok 19:08:34.0375 4804 [ CB2D183E27D1443F7D4CF10665B2BDED ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe 19:08:34.0403 4804 Secunia Update Agent - ok 19:08:34.0418 4804 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 19:08:34.0461 4804 SENS - ok 19:08:34.0483 4804 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:08:34.0522 4804 SensrSvc - ok 19:08:34.0550 4804 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:08:34.0594 4804 Serenum - ok 19:08:34.0618 4804 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:08:34.0648 4804 Serial - ok 19:08:34.0666 4804 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:08:34.0693 4804 sermouse - ok 19:08:34.0738 4804 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:08:34.0794 4804 SessionEnv - ok 19:08:34.0809 4804 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:08:34.0829 4804 sffdisk - ok 19:08:34.0847 4804 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:08:34.0878 4804 sffp_mmc - ok 19:08:34.0902 4804 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:08:34.0932 4804 sffp_sd - ok 19:08:34.0948 4804 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 19:08:34.0973 4804 sfloppy - ok 19:08:35.0006 4804 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:08:35.0068 4804 SharedAccess - ok 19:08:35.0100 4804 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection 
C:\Windows\System32\shsvcs.dll 19:08:35.0148 4804 ShellHWDetection - ok 19:08:35.0172 4804 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 19:08:35.0190 4804 SiSRaid2 - ok 19:08:35.0211 4804 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:08:35.0229 4804 SiSRaid4 - ok 19:08:35.0290 4804 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:08:35.0353 4804 Smb - ok 19:08:35.0402 4804 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:08:35.0437 4804 SNMPTRAP - ok 19:08:35.0459 4804 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:08:35.0475 4804 spldr - ok 19:08:35.0516 4804 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:08:35.0555 4804 Spooler - ok 19:08:35.0647 4804 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:08:35.0758 4804 sppsvc - ok 19:08:35.0777 4804 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:08:35.0820 4804 sppuinotify - ok 19:08:35.0851 4804 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:08:35.0904 4804 srv - ok 19:08:35.0916 4804 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:08:35.0950 4804 srv2 - ok 19:08:35.0958 4804 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:08:35.0977 4804 srvnet - ok 19:08:36.0043 4804 [ 2F4595C0AFA2152D67AAE594DC461509 ] SSCBFS3 C:\Windows\system32\DRIVERS\sscbfs3.sys 19:08:36.0065 4804 SSCBFS3 - ok 19:08:36.0100 4804 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:08:36.0145 4804 SSDPSRV - ok 19:08:36.0156 4804 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:08:36.0199 4804 SstpSvc - ok 19:08:36.0223 4804 [ F3817967ED533D08327DC73BC4D5542A ] stexstor 
C:\Windows\system32\drivers\stexstor.sys 19:08:36.0239 4804 stexstor - ok 19:08:36.0290 4804 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:08:36.0324 4804 stisvc - ok 19:08:36.0356 4804 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 19:08:36.0372 4804 storflt - ok 19:08:36.0396 4804 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 19:08:36.0422 4804 StorSvc - ok 19:08:36.0446 4804 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 19:08:36.0461 4804 storvsc - ok 19:08:36.0477 4804 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:08:36.0492 4804 swenum - ok 19:08:36.0560 4804 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 19:08:36.0595 4804 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 19:08:36.0595 4804 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 19:08:36.0625 4804 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:08:36.0694 4804 swprv - ok 19:08:36.0745 4804 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:08:36.0809 4804 SysMain - ok 19:08:36.0832 4804 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:08:36.0868 4804 TabletInputService - ok 19:08:36.0892 4804 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:08:36.0939 4804 TapiSrv - ok 19:08:36.0955 4804 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:08:37.0015 4804 TBS - ok 19:08:37.0094 4804 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:08:37.0150 4804 Tcpip - ok 19:08:37.0192 4804 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:08:37.0237 4804 TCPIP6 - ok 19:08:37.0266 4804 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg 
C:\Windows\system32\drivers\tcpipreg.sys 19:08:37.0282 4804 tcpipreg - ok 19:08:37.0313 4804 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:08:37.0350 4804 TDPIPE - ok 19:08:37.0380 4804 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:08:37.0397 4804 TDTCP - ok 19:08:37.0426 4804 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:08:37.0481 4804 tdx - ok 19:08:37.0498 4804 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:08:37.0513 4804 TermDD - ok 19:08:37.0543 4804 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:08:37.0596 4804 TermService - ok 19:08:37.0610 4804 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:08:37.0633 4804 Themes - ok 19:08:37.0663 4804 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:08:37.0705 4804 THREADORDER - ok 19:08:37.0735 4804 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:08:37.0792 4804 TrkWks - ok 19:08:37.0847 4804 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:08:37.0889 4804 TrustedInstaller - ok 19:08:37.0911 4804 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:08:37.0967 4804 tssecsrv - ok 19:08:38.0006 4804 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:08:38.0030 4804 TsUsbFlt - ok 19:08:38.0054 4804 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 19:08:38.0127 4804 TsUsbGD - ok 19:08:38.0158 4804 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:08:38.0209 4804 tunnel - ok 19:08:38.0225 4804 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:08:38.0241 4804 uagp35 - ok 19:08:38.0264 4804 [ 
FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:08:38.0323 4804 udfs - ok 19:08:38.0350 4804 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:08:38.0383 4804 UI0Detect - ok 19:08:38.0409 4804 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:08:38.0425 4804 uliagpkx - ok 19:08:38.0452 4804 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:08:38.0482 4804 umbus - ok 19:08:38.0500 4804 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 19:08:38.0528 4804 UmPass - ok 19:08:38.0556 4804 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 19:08:38.0592 4804 UmRdpService - ok 19:08:38.0622 4804 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:08:38.0683 4804 upnphost - ok 19:08:38.0753 4804 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 19:08:38.0790 4804 usbaudio - ok 19:08:38.0879 4804 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:08:38.0918 4804 usbccgp - ok 19:08:38.0936 4804 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:08:38.0958 4804 usbcir - ok 19:08:38.0969 4804 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:08:38.0999 4804 usbehci - ok 19:08:39.0013 4804 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:08:39.0047 4804 usbhub - ok 19:08:39.0063 4804 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 19:08:39.0096 4804 usbohci - ok 19:08:39.0129 4804 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:08:39.0163 4804 usbprint - ok 19:08:39.0202 4804 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 19:08:39.0221 4804 usbscan - ok 
19:08:39.0250 4804 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:08:39.0290 4804 USBSTOR - ok 19:08:39.0305 4804 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:08:39.0338 4804 usbuhci - ok 19:08:39.0372 4804 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:08:39.0430 4804 UxSms - ok 19:08:39.0449 4804 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:08:39.0464 4804 VaultSvc - ok 19:08:39.0498 4804 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:08:39.0513 4804 vdrvroot - ok 19:08:39.0541 4804 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:08:39.0599 4804 vds - ok 19:08:39.0622 4804 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:08:39.0640 4804 vga - ok 19:08:39.0652 4804 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:08:39.0708 4804 VgaSave - ok 19:08:39.0732 4804 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:08:39.0753 4804 vhdmp - ok 19:08:39.0798 4804 [ C2C95D62C90CA809240112B41C1765F2 ] vhidmini C:\Windows\system32\DRIVERS\walvhid.sys 19:08:39.0828 4804 vhidmini - ok 19:08:39.0842 4804 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:08:39.0857 4804 viaide - ok 19:08:39.0879 4804 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 19:08:39.0899 4804 vmbus - ok 19:08:39.0917 4804 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 19:08:39.0958 4804 VMBusHID - ok 19:08:39.0964 4804 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:08:39.0981 4804 volmgr - ok 19:08:40.0005 4804 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:08:40.0030 4804 volmgrx - ok 19:08:40.0041 4804 [ 
0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:08:40.0061 4804 volsnap - ok 19:08:40.0140 4804 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:08:40.0204 4804 vsmraid - ok 19:08:40.0251 4804 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:08:40.0346 4804 VSS - ok 19:08:40.0365 4804 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 19:08:40.0400 4804 vwifibus - ok 19:08:40.0438 4804 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:08:40.0486 4804 W32Time - ok 19:08:40.0506 4804 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 19:08:40.0537 4804 WacomPen - ok 19:08:40.0574 4804 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:08:40.0624 4804 WANARP - ok 19:08:40.0629 4804 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:08:40.0670 4804 Wanarpv6 - ok 19:08:40.0716 4804 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:08:40.0791 4804 wbengine - ok 19:08:40.0814 4804 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:08:40.0841 4804 WbioSrvc - ok 19:08:40.0860 4804 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:08:40.0907 4804 wcncsvc - ok 19:08:40.0928 4804 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:08:40.0978 4804 WcsPlugInService - ok 19:08:40.0991 4804 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 19:08:41.0006 4804 Wd - ok 19:08:41.0057 4804 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:08:41.0091 4804 Wdf01000 - ok 19:08:41.0109 4804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:08:41.0196 4804 WdiServiceHost - ok 
19:08:44.0172 4804 ============================================================ 19:08:44.0173 4804 Scan finished 19:08:44.0173 4804 ============================================================ 19:08:44.0192 5068 Detected object count: 3 19:08:44.0192 5068 Actual detected object count: 3 19:11:47.0166 5068 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:11:47.0166 5068 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:11:47.0168 5068 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:11:47.0169 5068 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:11:47.0171 5068 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 19:11:47.0171 5068 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:12:12.0921 4504 Deinitialize success |
16.06.2013, 18:18 | #4 |
/// Malware-holic | Hi, scan with ComboFix
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
16.06.2013, 18:56 | #5 |
| Here is the ComboFix log file: Code:
ATTFilter ComboFix 13-06-15.01 - Bernd 16.06.2013 19:27:28.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2047.878 [GMT 2:00] ausgeführt von:: c:\users\Arbeitskonto Bernd\Desktop\ComboFix.exe AV: Kaspersky PURE 2.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky PURE 2.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky PURE 2.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-16 bis 2013-06-16 )))))))))))))))))))))))))))))) . . 2013-06-16 17:37 . 2013-06-16 17:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-06-16 17:37 . 2013-06-16 17:37 -------- d-----w- c:\users\UpdatusUser.BERNDS-PC\AppData\Local\temp 2013-06-14 06:01 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67DBE121-15AD-447D-8AC8-20BDEB6A7177}\mpengine.dll 2013-06-12 06:18 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 06:18 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-07 17:57 . 2013-06-07 17:57 -------- d-----w- c:\users\Arbeitskonto Bernd\AppData\Local\Apple 2013-06-06 14:00 . 2013-06-06 14:00 -------- d-----w- c:\users\Arbeitskonto Bernd\AppData\Local\Apple Computer 2013-06-06 14:00 . 2013-06-06 14:00 -------- d-----w- c:\users\Arbeitskonto Bernd\AppData\Roaming\Apple Computer 2013-06-06 13:59 . 2013-06-06 13:59 -------- d-----w- c:\program files (x86)\Safari 2013-06-06 13:58 . 2013-06-06 13:58 -------- d-----w- c:\users\Bernd\AppData\Local\Apple 2013-06-06 13:58 . 2013-06-06 13:58 -------- d-----w- c:\program files (x86)\Apple Software Update 2013-06-06 13:58 . 2013-06-06 13:58 -------- d-----w- c:\programdata\Apple 2013-05-31 07:58 . 2013-05-31 07:58 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-13 18:42 . 2012-09-26 04:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-13 18:42 . 2012-09-26 04:36 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-12 07:55 . 2012-10-05 09:49 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-05-13 10:40 . 2013-05-13 10:40 636760 ----a-w- c:\windows\system32\drivers\klif.sys 2013-05-09 08:52 . 2013-05-09 08:52 53248 ----a-r- c:\users\Bernd\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2013-05-09 08:52 . 2013-05-09 08:52 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-29 09:20 . 2013-04-29 09:20 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-04-29 09:20 . 2013-04-29 09:21 311200 ----a-w- c:\windows\system32\javaws.exe 2013-04-29 09:20 . 2013-04-29 09:20 188832 ----a-w- c:\windows\system32\javaw.exe 2013-04-29 09:20 . 2013-04-29 09:20 188320 ----a-w- c:\windows\system32\java.exe 2013-04-29 09:20 . 2012-10-04 09:25 971680 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-29 09:20 . 2012-10-04 09:25 1092512 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-04-13 05:49 . 2013-05-16 06:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-16 06:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-16 06:43 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-16 06:43 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-16 06:43 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 06:43 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 06:15 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 
2013-05-16 06:43 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-16 06:43 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-16 06:42 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-03-29 19:42 . 2013-05-09 08:48 3379272 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys 2013-03-29 17:28 . 2013-03-29 17:28 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-29 17:27 . 2012-10-04 09:09 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-29 17:27 . 2012-10-04 09:09 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-29 16:04 . 2013-05-09 08:48 21170176 ----a-w- c:\windows\system32\RCoRes64.dat 2013-03-29 15:52 . 2013-05-09 08:48 914992 ----a-w- c:\windows\system32\SFSS_APO.dll 2013-03-27 14:57 . 2013-05-09 08:48 135240 ----a-w- c:\windows\system32\RCoInstII64.dll 2013-03-26 15:06 . 2013-05-09 08:48 2797128 ----a-w- c:\windows\system32\RtPgEx64.dll 2013-03-26 15:04 . 2013-05-09 08:47 2734624 ----a-w- c:\windows\system32\FMAPO64.dll 2013-03-26 13:40 . 2013-05-09 08:48 3693128 ----a-w- c:\windows\system32\RtkAPO64.dll 2013-03-26 12:38 . 2013-05-09 08:48 1659464 ----a-w- c:\windows\system32\RTSnMg64.cpl 2013-03-23 01:43 . 2013-05-09 08:47 208072 ----a-w- c:\windows\system32\AERTAC64.dll 2013-03-20 11:17 . 2013-05-09 08:48 9123608 ----a-w- c:\windows\system32\MaxxAudioVnA64.dll 2013-03-20 11:16 . 2013-05-09 08:47 1900312 ----a-w- c:\windows\system32\MaxxAudioRealtek264.dll 2013-03-20 11:16 . 2013-05-09 08:48 2102040 ----a-w- c:\windows\system32\WavesGUILib64.dll 2013-03-20 11:16 . 2013-05-09 08:47 910104 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll 2013-03-19 06:04 . 2013-04-10 07:53 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:53 . 2013-05-16 06:42 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-03-19 05:53 . 2013-05-16 06:42 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-03-19 05:46 . 
2013-04-10 07:53 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 07:53 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 07:53 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 07:53 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 07:53 112640 ----a-w- c:\windows\system32\smss.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{69925D1B-6A0F-4413-861A-81AB98039DB9}" [HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}] 2013-01-30 11:12 159488 ----a-w- c:\windows\SysWOW64\SSCbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2012-08-30 20:24 496056 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-30 202328] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] "*ForceDelete"="c:\users\Arbeitskonto Bernd\Downloads\adwcleaner.exe" [2013-06-16 648201] . 
c:\users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\SysWOW64\SSCbFsMntNtf3.dll" [2013-01-30 159488] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\SysWOW64\SSCbFsMntNtf3.dll [2013-01-30 159488] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x] R3 cxbu1x64;OEM USB Smart Card Reader;c:\windows\system32\DRIVERS\cxbu1x64.sys;c:\windows\SYSNATIVE\DRIVERS\cxbu1x64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] R4 WTService;WTService;c:\windows\system32\atwtusb.exe;c:\windows\SYSNATIVE\atwtusb.exe [x] S0 CSCrySec;InfoWatch 
Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x] S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys;c:\windows\SYSNATIVE\DRIVERS\NVAMACPI.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] S3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\DRIVERS\sscbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\sscbfs3.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 14211975 *Deregistered* - 14211975 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-07 07:10 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 
2013-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 18:42] . 2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 05:50] . 2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 05:50] . 2013-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3566009820-3197285289-3489268995-1003Core.job - c:\users\Arbeitskonto Bernd\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-14 12:58] . 2013-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3566009820-3197285289-3489268995-1003UA.job - c:\users\Arbeitskonto Bernd\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-14 12:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1] @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}" [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}] 2013-05-02 15:16 3932048 ----a-w- c:\program files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt_v_1_0_500.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2] @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}" [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}] 2013-05-02 15:16 3932048 ----a-w- c:\program files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt_v_1_0_500.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3] @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}" [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}] 2013-05-02 15:16 3932048 ----a-w- c:\program files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt_v_1_0_500.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{69925D1B-6A0F-4413-861A-81AB98039DB9}" [HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}] 2013-01-30 11:12 192256 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2012-08-30 20:26 566712 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2013-06-05 18:50 2157408 ----a-w- c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2013-06-05 18:50 2157408 ----a-w- c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{39D54CC2-69CF-43b4-B167-577D25E7F496}" [HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}] 2013-06-05 18:50 2157408 ----a-w- c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2013-06-05 18:50 2157408 ----a-w- c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending] @="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}" [HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}] 2013-06-05 18:50 2157408 ----a-w- c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992] "NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 192256] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\Microsoft Office\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\Microsoft Office\Office14\EXCEL.EXE/3000 LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\wuk9gph8.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - ExtSQL: 2013-04-29 14:22; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\wuk9gph8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-05-09 10:51; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) c:\users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) SSODL-EldosMountNotificator REG_SZ {C28617FD-4FE7-4043-AD51-C8132CE90106}- - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zo_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zo_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zo.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zo.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zo.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zo.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-16 19:41:15 ComboFix-quarantined-files.txt 2013-06-16 17:41 . Vor Suchlauf: 12 Verzeichnis(se), 103.728.500.736 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 103.326.089.216 Bytes frei . 
- - End Of File - - CDEFF20BA045AF2E0DB6AAC692267DA4 --- --- --- A36C5E4F47E84449FF07ED3517B43A31 [/CODE] Regards, Böni Last edited by Böni (16.06.2013 at 19:04) |
16.06.2013, 19:04 | #6 |
/// Malware-holic | Hi, Malwarebytes: Please download Malwarebytes
|
16.06.2013, 22:01 | #7 |
| Log of the Malwarebytes scan Code:
ATTFilter
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.06.16.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernd :: BERNDS-PC [Administrator]
Schutz: Deaktiviert
16.06.2013 20:08:54
mbam-log-2013-06-16 (20-08-54).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 677251
Laufzeit: 2 Stunde(n), 38 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
G:\Downloads\agsetup183se.exe (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Just for info: so far, both programs (Sm.de; Delta-search) still eagerly load onto the screen whenever Chrome is opened .... |
17.06.2013, 13:54 | #8 |
/// Malware-holic | Easy does it, that comes next. Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file. After each program you need, write "notwendig" (necessary). After each one you do not need, "unnötig" (unnecessary). After those unknown to you, "unbekannt" (unknown). Post the list.
|
17.06.2013, 15:07 | #9 |
| Code:
ATTFilter
7-Zip 9.20 (x64 edition) Igor Pavlov 27.09.2012 4,53MB 9.20.00.0 (necessary)
ABBYY FineReader 8.0 Professional Edition ABBYY Software House 26.09.2012 250MB 8.00.1095.4743 (necessary)
Adobe AIR Adobe Systems Incorporated 05.04.2013 3.6.0.6090 (necessary)
Adobe Creative Cloud Connection Adobe Systems Incorporated 30.04.2013 15,1MB 1.0.223.0 (necessary)
Adobe Edge Animate Adobe Systems Incorporated 30.04.2013 217MB 1.5 (necessary)
Adobe Edge Inspect Adobe Systems Incorporated 30.04.2013 65,3MB 1.0.388 (necessary)
Adobe Edge Reflow Preview Adobe Systems Incorporated 30.04.2013 54,1MB 0.12.9232 (necessary)
Adobe Exchange Panel Adobe Systems Incorporated 30.04.2013 45,3MB 1 (unknown)
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 05.04.2013 6,00MB 10.3.183.68 (unknown)
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.06.2013 6,00MB 11.7.700.224 (necessary)
Adobe Help Manager Adobe Systems Incorporated 05.04.2013 4.0.244 (necessary)
Adobe Photoshop CS6 Adobe Systems Incorporated 30.04.2013 2,92GB 13.0 (necessary)
Adobe Reader X (10.1.7) - Deutsch Adobe Systems Incorporated 16.05.2013 121MB 10.1.7 (necessary)
Adobe Touch App Plugins Adobe Systems Incorporated 30.04.2013 3,41MB 1.0 (unknown)
Adobe Widget Browser Adobe Systems Incorporated. 05.04.2013 2.0 Build 348 (unknown)
Apple Software Update Apple Inc. 06.06.2013 2,38MB 2.1.3.127 (not necessary)
Ashampoo Burning Studio 6 FREE v.6.81 Ashampoo GmbH & Co. KG 01.11.2012 34,0MB 6.8.1 (necessary)
Ashampoo Snap 5 v.5.1.5 Ashampoo GmbH & Co. KG 27.01.2013 43,4MB 5.1.5 (necessary)
Audacity 2.0.2 Audacity Team 27.09.2012 43,5MB 2.0.2 (necessary)
Audiograbber 1.83 SE Audiograbber 27.09.2012 1.83 SE (not necessary)
Audiograbber MP3-Plugin (64 bit) AG 27.09.2012 1.0 (not necessary)
AVM FRITZ!WLAN AVM Berlin 04.02.2013 (necessary)
AVS Screen Capture version 2.0.1 Online Media Technologies Ltd. 27.09.2012 (not necessary)
AVS Update Manager 1.0 Online Media Technologies Ltd. 27.09.2012 (not necessary)
AVS Video Editor 6 Online Media Technologies Ltd. 27.09.2012 (necessary)
AVS Video Recorder 2.5 Online Media Technologies Ltd. 27.09.2012 (necessary)
AVS4YOU Software Navigator 1.4 Online Media Technologies Ltd. 27.09.2012 (necessary)
calibre 64bit Kovid Goyal 12.02.2013 162MB 0.9.18 (not necessary)
Canon Easy-PhotoPrint EX 27.09.2012 (necessary)
Canon iP4800 series Printer Driver 27.09.2012 (necessary)
capella 7 capella software AG 15.11.2012 48,5MB 7.1.15 (necessary)
capella-scan 8 Ergänzungswörterbücher capella-software 17.04.2013 94,7MB 8.1.0 (necessary)
capella-scan 8.0 capella-software AG 17.04.2013 106MB 8.0.12 (necessary)
CCleaner Piriform 24.05.2013 4.02
CD-LabelPrint 27.09.2012 (necessary)
CorelDRAW Essentials 4 Corel Corporation 04.03.2013 (not necessary)
CorelDRAW Essentials 4 - Extra Content Corel Corporation 04.03.2013 (not necessary)
CorelDRAW Essentials 4 - Windows Shell Extension Corel Corporation 04.03.2013 2,93MB (not necessary)
CutePDF Writer 2.9 CutePDF.com 26.09.2012 2.9 (necessary)
Demo-capella-Vienna-orchestra 1.20 17.04.2013 (not necessary)
Direct MIDI to MP3 Converter Version 7.0.0.0 Piston Software 09.05.2013 14,6MB 7.0.0.0 (necessary)
Driver Genius Driver-Soft Inc. 09.05.2013 13,2MB 12.0 (necessary)
FileZilla Client 3.7.0.1 FileZilla Project 14.05.2013 17,6MB 3.7.0.1 (necessary)
Finale NotePad 2012 MakeMusic 06.03.2013 2012..r1.1 (necessary)
Free Notes & Office Ink 04.03.2013 (not necessary)
G&D StarSign USB Token für ELSTER Secunet Security Networks AG 11.02.2013 25,9MB 1.2.0 (necessary)
Google Chrome Google Inc. 17.06.2013 27.0.1453.110 (not necessary)
GPL Ghostscript Artifex Software Inc. 16.01.2013 9.06 (necessary)
Hear & Play Song Learner Pro Hear And Play 28.09.2012 2,17MB (necessary)
Inkscape 0.48.4 24.01.2013 0.48.4 (not necessary)
Java 7 Update 17 Oracle 29.03.2013 129MB 7.0.170 (not necessary)
Java 7 Update 21 (64-bit) Oracle 29.04.2013 128MB 7.0.210 (not necessary)
Kaspersky PURE 2.0 Kaspersky Lab 13.05.2013 12.0.2.733 (necessary)
LAME v3.99.3 (for Windows) 21.10.2012 1,52MB (necessary)
Logitech SetPoint 6.52 Logitech 09.05.2013 39,0MB 6.52.74 (not necessary)
Macromedia Dreamweaver MX 2004 Macromedia 26.09.2012 7.0 (necessary)
Macromedia Extension Manager Macromedia 26.09.2012 1.5 (not necessary)
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 16.06.2013 19,2MB 1.75.0.1300
MatheAss 8.2 MatheAss 27.09.2012 5,91MB (necessary)
Mein CEWE FOTOBUCH CEWE COLOR AG u Co. OHG 08.12.2012 266MB 5.0.1 (necessary)
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.09.2012 38,8MB 4.0.30319 (unknown)
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.09.2012 2,93MB 4.0.30319 (unknown)
Microsoft .NET Framework 4 Extended Microsoft Corporation 17.05.2013 51,9MB 4.0.30319 (unknown)
Microsoft Office Home and Student 2010 Microsoft Corporation 15.04.2013 14.0.6029.1000 (unknown)
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.09.2012 300KB 8.0.61001 (unknown)
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 31.01.2013 572KB 8.0.61000 (unknown)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 31.01.2013 240KB 9.0.30729.4148 (unknown)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 26.09.2012 788KB 9.0.30729.6161 (unknown)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 08.12.2012 234KB 9.0.30729 (unknown)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 28.10.2012 240KB 9.0.30729 (unknown)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 18.01.2013 228KB 9.0.30729.4148(unbekannt) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 26.09.2012 600KB 9.0.30729.6161(unbekannt) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 01.02.2013 13,8MB 10.0.40219(unbekannt) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 19.01.2013 15,0MB 10.0.40219(unbekannt) MIDI4all Webdesign-Forum.de 27.09.2012 MIDI4all 1.5 (nicht notwendig) Mozilla Firefox 21.0 (x86 de) Mozilla 31.05.2013 44,9MB 21.0 (notwendig) Mozilla Maintenance Service Mozilla 31.05.2013 333KB 21.0 (unbekannt) Mozilla Thunderbird 17.0.5 (x86 de) Mozilla 05.04.2013 41,9MB 17.0.5 (notwendig) NAVIGON Fresh 3.4.1 NAVIGON 28.10.2012 3.4.1 (notwendig) Notepad++ Notepad++ Team 15.05.2013 6.3.3 (notwendig) NVIDIA Display Control Panel NVIDIA Corporation 13.06.2013 135MB 6.14.11.9713 (notwendig) NVIDIA Drivers NVIDIA Corporation 13.06.2013 67,0MB 1.10.62.40 (notwendig) NVIDIA ForceWare Network Access Manager NVIDIA Corporation 13.06.2013 1.00.7325.0 (unbekannt) NVIDIA Grafiktreiber 307.83 NVIDIA Corporation 05.04.2013 307.83 (notwendig) NVIDIA MediaShield NVIDIA Corporation 13.06.2013 11.1.0.43 (unbekannt) NVIDIA Update 1.10.8 NVIDIA Corporation 05.04.2013 1.10.8 (notwendig) OpenOffice.org 3.4.1 Apache Software Foundation 26.09.2012 331MB 3.41.9593 (notwendig) PDF-Viewer Tracker Software Products Ltd 05.04.2013 54,9MB 2.5.210.0 (notwendig) Realtek High Definition Audio Driver Realtek Semiconductor Corp. 09.05.2013 6.0.1.6873(nicht notwendig) Safari Apple Inc. 06.06.2013 104MB 5.34.57.2 (nicht notwendig) Secunia PSI (3.0.0.6005) Secunia 05.04.2013 5,92MB 3.0.0.6005 (nicht notwendig) SugarSync SugarSync, Inc. 
16.06.2013 2.0.24.113934 (nicht notwendig) Tablet Driver With Macrokey Manager 04.03.2013 4.13 (notwendig) Ulead PhotoImpact 11 Ulead System 26.09.2012 11.0 (notwendig) USB CCID Smartcard Reader - Version 1.2.1.2 USB CCID 11.02.2013 128KB 3.0.0.1 (notwendig) VLC media player 2.0.6 VideoLAN 29.04.2013 2.0.6 (notwendig) Winamp Nullsoft, Inc 17.01.2013 5.63 (notwendig) Winamp Erkennungs-Plug-in Nullsoft, Inc 17.01.2013 75,0KB 1.0.0.1 (unbekannt) |
18.06.2013, 15:30 | #10 |
/// Malware-holic | Sm.de and Delta-Search when loading Chrome
Uninstall: Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download and install the latest version.
Adobe Reader: Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Security (Enhanced): tick "Enhanced Security" and select "All files".
Internet: everything here should be disabled. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what is happening on the PC.
JavaScript: untick "Use JavaScript".
Updater: choose "Install automatically".
Apply / OK
Uninstall: Audiograbber: all, calibre, Corel: all, Demo, Free Notes, Google Chrome, Inkscape, Java 7 Update 17, MIDI4all, Safari, SugarSync
Open CCleaner, Analyze, Run, then restart the PC.
Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
18.06.2013, 16:36 | #11 |
| Sm.de and Delta-Search when loading Chrome AdwCleaner logfile: Code:
# AdwCleaner v2.303 - Datei am 18/06/2013 um 17:23:49 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Bernd - BERNDS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Arbeitskonto Bernd\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\wuk9gph8.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Arbeitskonto Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\9xvjz5ff.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [15204 octets] - [16/06/2013 14:18:50]
AdwCleaner[S3].txt - [936 octets] - [18/06/2013 17:23:49]

########## EOF - \AdwCleaner[S3].txt - [995 octets] ##########

Because SugarSync was removed, it now complains at me on restart that it cannot find something and that I should press Quit. Oh well, that can be sorted out ... |
18.06.2013, 17:10 | #12 |
/// Malware-holic | Sm.de and Delta-Search when loading Chrome
What exactly is "something"...?
HitmanPro - Download - Filepony
Please download HitmanPro, click Scan, do not delete anything. Click Next. Save the log and post it, or export it as XML, zip it and attach it. |
18.06.2013, 18:12 | #13 |
| Sm.de and Delta-Search when loading Chrome Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

Computer name . . . . : BERNDS-PC
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : BERNDS-PC\Bernd
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2013-06-18 18:59:42
Scan mode . . . . . . : Normal
Scan duration . . . . : 8m 38s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 48

Objects scanned . . . : 1.675.753
Files scanned . . . . : 33.354
Remnants scanned . . : 573.240 files / 1.069.159 keys

Potential Unwanted Programs _________________________________________________

HKU\S-1-5-21-3566009820-3197285289-3489268995-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
HKU\S-1-5-21-3566009820-3197285289-3489268995-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
HKU\S-1-5-21-3566009820-3197285289-3489268995-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
HKU\S-1-5-21-3566009820-3197285289-3489268995-1003\Software\Microsoft\Internet Explorer\SearchScopes\bProtectorDefaultScope (Claro)
HKU\S-1-5-21-3566009820-3197285289-3489268995-1003\Software\Microsoft\Windows\CurrentVersion\Ext\BPROTECTSETTINGS\ (Claro)
HKU\S-1-5-21-3566009820-3197285289-3489268995-1003\Software\Wajam\ (Claro) |
18.06.2013, 18:31 | #14 |
/// Malware-holic | Sm.de and Delta-Search when loading Chrome
Please post it as text. Have HitmanPro delete its findings.
Open CCleaner, Tools, Startup, Windows, save the list as a text file and post it. |
18.06.2013, 22:30 | #15 |
| Sm.de and Delta-Search when loading Chrome
Text of the error message: "The application resources could not be reloaded and the application must quit. Please try relaunching the application."
How am I supposed to have the HitmanPro findings deleted? There is no command for that after the scan.
CCleaner text file as described: Code:
Ja HKCU:Run AshSnap C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe
Ja HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Nein HKCU:Run SolidCapture C:\Program Files (x86)\SolidDocuments\SolidCapture\solidcapture.exe
Ja HKCU:Run SugarSync SugarSync, Inc. "C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true
Ja HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Ja HKLM:Run AdobeCS6ServiceManager Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
Ja HKLM:Run AVMWlanClient AVM Berlin C:\Program Files (x86)\avmwlanstick\wlangui.exe
Ja HKLM:Run AVP Kaspersky Lab ZAO "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
Ja HKLM:Run EvtMgr6 Logitech, Inc. C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
Nein HKLM:Run Logitech Download Assistant Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Nein HKLM:Run MacrokeyManager WTMKM.exe
Ja HKLM:Run NVRaidService C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
Ja HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Nein HKLM:Run Ulead AutoDetector v2 Ulead Systems, Inc. C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
Nein HKLM:Run WinampAgent Nullsoft, Inc. "C:\Program Files (x86)\Winamp\winampa.exe"
Ja HKLM:RunOnce *ForceDelete C:\Users\Arbeitskonto Bernd\Downloads\adwcleaner.exe /forcedelete
Ja HKLM:RunOnce *WerKernelReporting Microsoft Corporation %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
Ja HKLM:RunOnce GrpConv grpconv -o
Ja HKLM:RunOnce Malwarebytes Anti-Malware Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
Ja HKLM:RunOnce Malwarebytes Anti-Malware (cleanup) Microsoft Corporation rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
Nein Startup Common Secunia PSI Tray.lnk Secunia C:\PROGRA~2\Secunia\PSI\psi_tray.exe
Ja Startup User OpenOffice.org 3.4.1.lnk C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe |
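The review of the CCleaner startup list requested in this thread can be scripted. The following is an added example, not part of the thread and not code from CCleaner or the helper: it parses a startup export and flags enabled entries that still point at software from the uninstall list in post #10 or that start from a user-writable folder. The tab-separated column layout, the `REMOVED` subset and the function names are assumptions.

```python
import ntpath
import re

# Constructed sample: five rows copied from the startup list in post #15.
# Assumption: the export is tab-separated (enabled, location, name, publisher, command).
ROWS = [
    ("Ja", "HKCU:Run", "SugarSync", "SugarSync, Inc.", r'"C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true'),
    ("Ja", "HKLM:Run", "AVP", "Kaspersky Lab ZAO", r'"C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"'),
    ("Nein", "HKLM:Run", "Logitech Download Assistant", "Microsoft Corporation", r"C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"),
    ("Ja", "HKLM:RunOnce", "*ForceDelete", "", r"C:\Users\Arbeitskonto Bernd\Downloads\adwcleaner.exe /forcedelete"),
    ("Ja", "Startup User", "OpenOffice.org 3.4.1.lnk", "", r"C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe"),
]
SAMPLE = "\n".join("\t".join(row) for row in ROWS)

# Hypothetical names; REMOVED is a subset of the uninstall list in post #10.
REMOVED = ["sugarsync", "audiograbber", "calibre", "inkscape", "safari"]
USER_WRITABLE = re.compile(r"\\(downloads|appdata|temp)\\", re.I)
EXE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.I)

def launched_file(command):
    """Return the file a startup command really loads (the DLL for rundll32)."""
    command = command.strip()
    if command.startswith('"'):
        exe, _, rest = command[1:].partition('"')
    else:
        m = EXE.match(command)
        exe = m.group(1) if m else command.split(" ", 1)[0]
        rest = command[len(exe):]
    if ntpath.basename(exe).lower() == "rundll32.exe" and rest.strip():
        return rest.strip().split(",", 1)[0].strip('"')
    return exe

def triage(export_text, removed=REMOVED):
    """Return (name, reason) for enabled entries that deserve a second look."""
    findings = []
    for line in export_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5 or fields[0] != "Ja":  # "Ja" marks an enabled entry
            continue
        name, target = fields[2], launched_file(fields[4])
        hit = next((p for p in removed if p in f"{name} {target}".lower()), None)
        if hit:
            findings.append((name, "leftover of uninstalled product: " + hit))
        elif USER_WRITABLE.search(target):
            findings.append((name, "starts from a user-writable path"))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```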