Trojan horse "zeus2" on my computer (Windows 7)
04.07.2013, 12:06 | #1
Hello, yesterday I received a letter from my bank saying that my online banking access has been blocked because the online banking was accessed from a computer on which the Trojan horse "zeus2" is installed. I have not noticed any symptoms myself and have not done anything yet. I would be very grateful for help! Regards, Connemara
04.07.2013, 12:12 | #2
/// Malware-holic
hi,
If you don't have it already, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
04.07.2013, 12:50 | #3
OTL.txt: OTL Logfile:
Code:
Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) 
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [{0C6A3A70-0304-0E2A-A1CE-9AA25A0A27EE}] C:\Users\Hanna\AppData\Roaming\Qaifu\soidl.exe (Xeneso Oput) O4 - HKCU..\Run: [FilterHost] C:\Users\Hanna\AppData\Roaming\mmserver\FilterHost.exe (Synatix GmbH) O4 - HKCU..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\Hanna\floadu1C.dll,_IWMPEvents File not found O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media ) O4 - Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. 
File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DE2AF7-7FDA-4FA8-87BF-290CD98962D2}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DE2AF7-7FDA-4FA8-87BF-290CD98962D2}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAE15BB4-E5D7-4D17-BBE1-F64F678EB3B0}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Hanna\Pictures\Bild 023.jpg O24 - Desktop BackupWallPaper: C:\Users\Hanna\Pictures\Bild 023.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{02444e18-13e9-11de-ade5-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{0f762ed8-05f2-11df-a6f6-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{14de9494-d939-11de-871a-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{196c663e-65c1-11df-a402-00235a531a7b}\Shell - "" = AutoRun O33 - MountPoints2\{196c663e-65c1-11df-a402-00235a531a7b}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{196c6651-65c1-11df-a402-00235a531a7b}\Shell - "" = AutoRun O33 - MountPoints2\{196c6651-65c1-11df-a402-00235a531a7b}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{1fdae04a-dc25-11de-8c6e-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{898d2c65-c95f-11de-8bb1-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE 
.\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{97fe7507-78a6-11df-b555-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{db31fb8c-f3c8-11de-abe5-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{db74c945-1183-11df-9e01-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{db74c97f-1183-11df-9e01-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.07.04 13:36:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hanna\Desktop\OTL.exe [2013.06.27 09:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.06.25 16:31:19 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\Irland England [2013.06.18 16:00:11 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\Kindergeld [2 C:\Users\Hanna\AppData\Roaming\*.tmp files -> C:\Users\Hanna\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.04 13:36:22 | 
000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hanna\Desktop\OTL.exe [2013.07.04 13:35:13 | 000,000,000 | ---- | M] () -- C:\Users\Hanna\defogger_reenable [2013.07.04 13:33:34 | 000,050,477 | ---- | M] () -- C:\Users\Hanna\Desktop\Defogger.exe [2013.07.04 13:25:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.04 13:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.04 12:52:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013.07.04 12:52:13 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.07.04 12:52:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.04 12:52:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 12:52:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 12:51:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.03 02:57:54 | 000,002,693 | ---- | M] () -- C:\Users\Hanna\.recently-used.xbel [2013.07.02 09:23:56 | 000,163,528 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.07.02 09:23:56 | 000,065,938 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.07.02 09:23:56 | 000,017,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.07.02 09:23:56 | 000,009,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.26 13:20:19 | 000,000,983 | ---- | M] () -- C:\Users\Hanna\Desktop\Dropbox.lnk [2013.06.25 11:50:01 | 000,175,949 | ---- | M] () -- C:\Users\Hanna\Desktop\Flyer C.A. 
Krankenpflege_2012.pdf [2013.06.15 16:08:22 | 000,225,254 | ---- | M] () -- C:\Users\Hanna\Desktop\IRISH DANCE FERIENPLAN.pdf [2013.06.12 10:22:27 | 000,001,224 | ---- | M] () -- C:\Windows\WININIT.INI [2013.06.12 10:22:27 | 000,000,993 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2 C:\Users\Hanna\AppData\Roaming\*.tmp files -> C:\Users\Hanna\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.04 13:35:13 | 000,000,000 | ---- | C] () -- C:\Users\Hanna\defogger_reenable [2013.07.04 13:33:33 | 000,050,477 | ---- | C] () -- C:\Users\Hanna\Desktop\Defogger.exe [2013.07.03 02:57:54 | 000,002,693 | ---- | C] () -- C:\Users\Hanna\.recently-used.xbel [2013.06.26 13:20:19 | 000,000,983 | ---- | C] () -- C:\Users\Hanna\Desktop\Dropbox.lnk [2013.06.25 11:50:00 | 000,175,949 | ---- | C] () -- C:\Users\Hanna\Desktop\Flyer C.A. Krankenpflege_2012.pdf [2013.06.15 16:08:20 | 000,225,254 | ---- | C] () -- C:\Users\Hanna\Desktop\IRISH DANCE FERIENPLAN.pdf [2012.09.11 22:57:35 | 000,065,536 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\i9p06hy1.default.dat [2012.08.31 12:11:13 | 000,007,424 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\BAcroIEHelpe205.dll [2012.08.28 13:20:02 | 000,006,400 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\BAcroIEHelpe202.dll [2012.08.20 15:12:58 | 000,006,400 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\BAcroIEHelpe195.dll [2012.08.08 14:19:21 | 000,006,400 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\BAcroIEHelpe184.dll [2012.08.07 13:03:07 | 000,006,400 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\BAcroIEHelpe182.dll [2012.08.04 11:58:40 | 000,000,069 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\urhtps.dat [2012.08.03 21:21:07 | 000,006,400 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\BAcroIEHelpe180.dll [2012.07.27 16:33:24 | 000,000,034 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\blckdom.res [2012.07.26 13:20:41 | 
004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2011.07.21 14:06:50 | 000,015,364 | -H-- | C] () -- C:\Users\Hanna\.DS_Store [2010.09.21 11:19:45 | 000,000,680 | ---- | C] () -- C:\Users\Hanna\AppData\Local\d3d9caps.dat [2009.11.21 23:52:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.12 13:14:01 | 000,024,206 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\UserTile.png [2009.03.27 16:39:30 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini [2009.03.20 16:58:24 | 000,071,680 | ---- | C] () -- C:\Users\Hanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.18 20:46:11 | 000,000,326 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\wklnhst.dat [2001.01.04 01:01:22 | 000,101,820 | ---- | C] () -- C:\Users\Hanna\CHILLER.TTF ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.27 16:34:05 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.004 [2012.07.27 21:38:55 | 000,000,000 | ---D | M] 
-- C:\Users\Hanna\AppData\Roaming\14001.005 [2012.07.28 21:28:36 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.006 [2012.08.03 21:21:18 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.008 [2012.08.06 17:43:35 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.009 [2012.08.07 13:03:17 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.010 [2012.08.08 14:19:51 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.011 [2012.08.09 21:56:51 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.012 [2012.08.18 23:30:43 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.016 [2012.08.23 23:27:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.017 [2012.08.27 12:33:26 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.018 [2012.08.30 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.019 [2009.05.16 13:32:54 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Big Fish Games [2010.08.21 15:47:06 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\CocoonSoftware [2010.03.31 12:57:53 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Degener [2013.07.04 12:54:40 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Dropbox [2011.01.08 00:20:09 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.31 12:58:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Ebner [2013.07.03 02:57:54 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\gtk-2.0 [2011.11.20 14:10:02 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Gutscheinmieze [2009.03.23 16:30:47 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\InterVideo [2012.10.31 16:40:36 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Ipam [2012.07.27 16:33:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\kock [2010.07.17 11:09:28 | 000,000,000 | 
---D | M] -- C:\Users\Hanna\AppData\Roaming\MioNetApplet [2010.01.27 08:37:14 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mmserver [2013.07.03 02:39:44 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Nausal [2011.01.08 22:32:54 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Oberon Media [2010.06.04 20:51:25 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Philipp Winterberg [2011.08.06 15:39:49 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Qaifu [2010.08.20 16:30:47 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\SumatraPDF [2009.05.16 12:39:42 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Template [2012.07.05 13:37:39 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Thunderbird [2010.09.07 21:06:31 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\TuneUp Software [2012.08.24 19:45:02 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\UAs [2013.02.19 13:36:42 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\xmldm ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 60 bytes -> C:\Users\Hanna\Desktop\.TEMP_com.apple.iWork.Pages_147_336291406_2:AFP_AfpInfo @Alternate Data Stream - 60 bytes -> C:\Users\Hanna\Desktop\.DS_Store:AFP_AfpInfo @Alternate Data Stream - 60 bytes -> C:\Users\Hanna\.DS_Store:AFP_AfpInfo @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A696643D @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CF5C4195 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 113 bytes -> 
C:\ProgramData\TEMP:E36F5B57 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9B52F176 @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:798A3728 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C46995DA @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:9E22BBE8 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E7393FC < End of report > Extras.txt:OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 04.07.2013 13:37:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hanna\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,81% Memory free
6,08 Gb Paging File | 4,44 Gb Available in Paging File | 72,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 194,84 Gb Free Space | 67,63% Space Free | Partition Type: NTFS

Computer Name: HANNA-PC | User Name: Hanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\program files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F6A7254-8E92-407F-9625-68D18F7C5DF0}" = lport=445 | protocol=6 | dir=in | app=system |
"{2D5A2983-1488-4D64-84DB-7A293F856921}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{390E8FF9-2554-4835-8315-949B11B1932B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3958DF73-91F8-4D0A-97EE-CABB7B97E293}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{451EBCBA-0B44-4000-BF31-9CD4A4D2B2E5}" = lport=139 | protocol=6 | dir=in | app=system |
"{49E1C980-9DA3-46F5-BC6E-7B80A92883EB}" = rport=139 | protocol=6 | dir=out | app=system |
"{58199F90-1A87-4E45-BA7A-6E58ED264A25}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5A0BADDA-EF5F-4778-93F0-C0F75D0C09E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{64BEE306-10D4-4BF9-85C3-C39E2962CFE8}" = lport=138 | protocol=17 | dir=in | app=system |
"{81EBA63A-C5BB-4338-B4A6-854A64EFC73A}" = lport=137 | protocol=17 | dir=in | app=system |
"{8F7EC319-704A-41FE-846E-70A86CB8A907}" = rport=445 | protocol=6 | dir=out | app=system |
"{9F587962-2A24-4601-863E-AEE62E139F2F}" = rport=137 | protocol=17 | dir=out | app=system |
"{C5F68B46-C8D8-4A1D-87CD-9FC4CEC7787D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE61204B-7AF2-4005-9B84-F93CEC25A622}" = rport=138 | protocol=17 | dir=out | app=system |
"{CEADCF14-BC1A-45B9-B2B8-6C3D71AFA7A5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D467D608-04C5-4FDC-9C06-A4DF370173FF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB2CD107-6688-452E-936E-89266EDFECF4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FE3AE746-8127-4EED-851E-3F69421FA984}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1352BB8C-637B-47C9-AB4D-785A45EBF7BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{34CD3037-04B5-4A17-8DF1-E1A5F465C1D1}" = protocol=6 | dir=in | app=d:\alicesetup.exe |
"{58D087BB-E7CA-4472-BAE8-956B1814548D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6D7D456E-D172-4829-AAAB-9A2C75402B22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D703BA8-B97A-401B-BDE6-0130894F1163}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A3C0EAC7-3CFC-40E1-A3CD-55AC66A8E994}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C50CC880-6F08-4089-8563-F215DB01A310}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E1212908-37CA-401E-971A-2234CA67E581}" = protocol=17 | dir=in | app=d:\alicesetup.exe |
"TCP Query User{0A736F0A-5637-4557-BDD4-79163732B968}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{14DF81BD-272E-4043-B4A9-8AC387C5C46A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{6CFF1F84-8C6A-470C-8F95-BB4F0B1A6589}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{9DF31523-725B-4944-9B2D-60ECE1E9A15A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{A149D91E-255B-4CFF-847C-70A719CFA1F4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C1BAA7DB-8599-420E-818E-CF14B734D92C}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{0E452904-6CEF-4E6E-AAC4-F0A043CDCF37}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{0F198771-A924-4642-B077-5D69BA1BE8BF}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{48FDE32C-3C04-4EDC-AD67-D30C6E4684A9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{4B8A9EB5-1F9B-417F-8CE9-27E0EC15BC84}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{B01860F5-3B0A-4B72-9470-078E56FFCC78}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{BD6B1344-0F27-4FAD-B2E8-88040A0CBFF7}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.15 beta
"Activation Assistant for the 2007 Microsoft Office suites" = 
Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVS Image Converter_is1" = AVS Image Converter 1.2.1.100 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "Canon iP2600 series Benutzerregistrierung" = Canon iP2600 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Netzmanager" = Netzmanager "PhotoFiltre" = PhotoFiltre "SumatraPDF" = SumatraPDF "VLC media player" = VLC media player 1.0.3 
"WinGimp-2.0_is1" = GIMP 2.6.10 "YDKJG" = YOU DON'T KNOW JACK® ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "QUICKMEDIACONVERTER" = QMC ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.07.2013 03:18:31 | Computer Name = Hanna-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2013 10:08:38 | Computer Name = Hanna-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2013 17:40:37 | Computer Name = Hanna-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2013 06:26:53 | Computer Name = Hanna-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2013 06:27:11 | Computer Name = Hanna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 03.07.2013 06:27:22 | Computer Name = Hanna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 03.07.2013 06:28:33 | Computer Name = Hanna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 04.07.2013 06:53:33 | Computer Name = Hanna-PC | Source = WinMgmt | ID = 10 Description = Error - 04.07.2013 07:08:11 | Computer Name = Hanna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 04.07.2013 07:08:12 | Computer Name = Hanna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 04.07.2013 07:43:14 | Computer Name = Hanna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ OSession Events ] Error - 14.04.2011 04:45:56 | Computer Name = Hanna-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 253 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 02.07.2013 03:17:00 | Computer Name = Hanna-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.51 für die Netzwerkkarte mit der Netzwerkadresse 00242B75B5E6 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 02.07.2013 10:07:09 | Computer Name = Hanna-PC | Source = HTTP | ID = 15016 Description = Error - 02.07.2013 10:09:13 | Computer Name = Hanna-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.51 für die Netzwerkkarte mit der Netzwerkadresse 00242B75B5E6 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 02.07.2013 17:39:08 | Computer Name = Hanna-PC | Source = HTTP | ID = 15016 Description = Error - 02.07.2013 17:39:10 | Computer Name = Hanna-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.51 für die Netzwerkkarte mit der Netzwerkadresse 00242B75B5E6 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 03.07.2013 06:25:22 | Computer Name = Hanna-PC | Source = HTTP | ID = 15016 Description = Error - 03.07.2013 06:25:28 | Computer Name = Hanna-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.51 für die Netzwerkkarte mit der Netzwerkadresse 00242B75B5E6 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 03.07.2013 06:25:32 | Computer Name = Hanna-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002 Description = Error - 04.07.2013 06:52:04 | Computer Name = Hanna-PC | Source = HTTP | ID = 15016 Description = Error - 04.07.2013 06:54:07 | Computer Name = Hanna-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.51 für die Netzwerkkarte mit der Netzwerkadresse 00242B75B5E6 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
[ TuneUp Events ] Error - 20.11.2011 08:12:33 | Computer Name = Hanna-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-11-20 13:12:33', '\device\harddiskvolume2\program files\t-mobile\web'n'walk manager\driver\driveruninstall.exe','5956',0) Error - 20.11.2011 08:12:33 | Computer Name = Hanna-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-11-20 13:12:33', '\device\harddiskvolume2\program files\t-mobile\web'n'walk manager\driver\devsetup32.exe','5356',0) < End of report > |
04.07.2013, 12:54 | #4 |
/// Malware-holic | Trojan horse "zeus2" on my computer Hi, OTL fix: Fixing with OTL
Code:
:OTL
O4 - HKCU..\Run: [{0C6A3A70-0304-0E2A-A1CE-9AA25A0A27EE}] C:\Users\Hanna\AppData\Roaming\Qaifu\soidl.exe (Xeneso Oput)
:files
C:\Users\Hanna\AppData\Roaming\Qaifu
:Commands
[emptytemp]
Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
04.07.2013, 13:15 | #5 |
| Trojan horse "zeus2" on my computer Somehow the scan cannot be completed: "gmer_2.1.19163.exe funktioniert nicht mehr. Das Programm wurde aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist." I actually took a screenshot, but I don't know how to insert the image here. (By the way, many thanks already for the quick replies!!) Oh, and I don't know how to turn off Microsoft Security Essentials. Aaah, sorry, I overlooked your post.. I'm on it. OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.07.2013 14:24:51 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hanna\Desktop\Viren Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 44,33% Memory free 6,08 Gb Paging File | 4,29 Gb Available in Paging File | 70,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,08 Gb Total Space | 194,71 Gb Free Space | 67,59% Space Free | Partition Type: NTFS Computer Name: HANNA-PC | User Name: Hanna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hanna\Desktop\Viren\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) PRC - C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software) PRC - C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media ) PRC - C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) PRC - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG) PRC - C:\Program Files\AirPort\APAgent.exe (Apple Inc.) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe () PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll () MOD - C:\Users\Hanna\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Hanna\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll () MOD - 
C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll () MOD - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software) SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (ETService) -- C:\Program 
Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (zpnnlqgu) -- C:\Windows\system32\drivers\zpnnlqgu.sys File not found DRV - (zhhohjdn) -- C:\Windows\system32\drivers\zhhohjdn.sys File not found DRV - (ycqhnloq) -- C:\Windows\system32\drivers\ycqhnloq.sys File not found DRV - (xvysrriv) -- C:\Windows\system32\drivers\xvysrriv.sys File not found DRV - (wpmqlqgd) -- C:\Windows\system32\drivers\wpmqlqgd.sys File not found DRV - (wpddpvvm) -- C:\Windows\system32\drivers\wpddpvvm.sys File not found DRV - (wikoztsj) -- C:\Windows\system32\drivers\wikoztsj.sys File not found DRV - (whqdilhl) -- C:\Windows\system32\drivers\whqdilhl.sys File not found DRV - (wgriqhda) -- C:\Windows\system32\drivers\wgriqhda.sys File not found DRV - (wduvamgn) -- C:\Windows\system32\drivers\wduvamgn.sys File not found DRV - (vlqoefga) -- C:\Windows\system32\drivers\vlqoefga.sys File not found DRV - (vildfska) -- C:\Windows\system32\drivers\vildfska.sys File not found DRV - (vhmlfgnv) -- C:\Windows\system32\drivers\vhmlfgnv.sys File not found DRV - (vewtcbpb) -- C:\Windows\system32\drivers\vewtcbpb.sys File not found DRV - (ujaqhsqy) -- C:\Windows\system32\drivers\ujaqhsqy.sys File not found DRV - (ugloipog) -- C:\Users\Hanna\AppData\Local\Temp\ugloipog.sys File not found DRV - (uepbqtfa) -- C:\Windows\system32\drivers\uepbqtfa.sys File not found DRV - (szfeofbd) -- C:\Windows\system32\drivers\szfeofbd.sys File not found DRV - (sukifpdx) -- C:\Windows\system32\drivers\sukifpdx.sys File not found DRV - (smdnbrfu) -- C:\Windows\system32\drivers\smdnbrfu.sys File not found DRV - (sejafszk) -- C:\Windows\system32\drivers\sejafszk.sys File not found DRV - (sdyslqfg) -- C:\Windows\system32\drivers\sdyslqfg.sys File not found DRV - (saeacjqj) 
-- C:\Windows\system32\drivers\saeacjqj.sys File not found DRV - (rulvxbun) -- C:\Windows\system32\drivers\rulvxbun.sys File not found DRV - (rpxapolq) -- C:\Windows\system32\drivers\rpxapolq.sys File not found DRV - (rhkplgwu) -- C:\Windows\system32\drivers\rhkplgwu.sys File not found DRV - (rgxkmttj) -- C:\Windows\system32\drivers\rgxkmttj.sys File not found DRV - (qstzxuhm) -- C:\Windows\system32\drivers\qstzxuhm.sys File not found DRV - (qpqgvjav) -- C:\Windows\system32\drivers\qpqgvjav.sys File not found DRV - (qkvropkb) -- C:\Windows\system32\drivers\qkvropkb.sys File not found DRV - (qikqudhb) -- C:\Windows\system32\drivers\qikqudhb.sys File not found DRV - (qhqacqdw) -- C:\Windows\system32\drivers\qhqacqdw.sys File not found DRV - (qaguxzum) -- C:\Windows\system32\drivers\qaguxzum.sys File not found DRV - (pyofpkri) -- C:\Windows\system32\drivers\pyofpkri.sys File not found DRV - (pqjnmqma) -- C:\Windows\system32\drivers\pqjnmqma.sys File not found DRV - (pcbiiwiv) -- C:\Windows\system32\drivers\pcbiiwiv.sys File not found DRV - (oqvnraux) -- C:\Windows\system32\drivers\oqvnraux.sys File not found DRV - (ookslhnv) -- C:\Windows\system32\drivers\ookslhnv.sys File not found DRV - (ojutlavf) -- C:\Windows\system32\drivers\ojutlavf.sys File not found DRV - (nzmbgvme) -- C:\Windows\system32\drivers\nzmbgvme.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (nmakobim) -- C:\Windows\system32\drivers\nmakobim.sys File not found DRV - (mpelvrzl) -- C:\Windows\system32\drivers\mpelvrzl.sys File not found DRV - (mfjmcbdz) -- C:\Windows\system32\drivers\mfjmcbdz.sys File not found DRV - (lqybegeo) -- C:\Windows\system32\drivers\lqybegeo.sys File not found DRV - (lpptswil) -- C:\Windows\system32\drivers\lpptswil.sys File not found DRV - (loctzsie) -- C:\Windows\system32\drivers\loctzsie.sys File not found DRV - (lksnseyp) -- C:\Windows\system32\drivers\lksnseyp.sys 
File not found DRV - (lguaqttw) -- C:\Windows\system32\drivers\lguaqttw.sys File not found DRV - (lfssgnvy) -- C:\Windows\system32\drivers\lfssgnvy.sys File not found DRV - (kquxfouq) -- C:\Windows\system32\drivers\kquxfouq.sys File not found DRV - (klrntvnk) -- C:\Windows\system32\drivers\klrntvnk.sys File not found DRV - (jyftkbgr) -- C:\Windows\system32\drivers\jyftkbgr.sys File not found DRV - (jnbosovs) -- C:\Windows\system32\drivers\jnbosovs.sys File not found DRV - (jmzsylmz) -- C:\Windows\system32\drivers\jmzsylmz.sys File not found DRV - (iugnudez) -- C:\Windows\system32\drivers\iugnudez.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (huotufyo) -- C:\Windows\system32\drivers\huotufyo.sys File not found DRV - (hmzcnucm) -- C:\Windows\system32\drivers\hmzcnucm.sys File not found DRV - (hmhwazky) -- C:\Windows\system32\drivers\hmhwazky.sys File not found DRV - (gvcruzyt) -- C:\Windows\system32\drivers\gvcruzyt.sys File not found DRV - (gqtapwpm) -- C:\Windows\system32\drivers\gqtapwpm.sys File not found DRV - (gnuwogzg) -- C:\Windows\system32\drivers\gnuwogzg.sys File not found DRV - (gnkropup) -- C:\Windows\system32\drivers\gnkropup.sys File not found DRV - (gksmkjpj) -- C:\Windows\system32\drivers\gksmkjpj.sys File not found DRV - (ggxxvjrb) -- C:\Windows\system32\drivers\ggxxvjrb.sys File not found DRV - (fpugudpo) -- C:\Windows\system32\drivers\fpugudpo.sys File not found DRV - (ekmlgvdv) -- C:\Windows\system32\drivers\ekmlgvdv.sys File not found DRV - (egxmgzqs) -- C:\Windows\system32\drivers\egxmgzqs.sys File not found DRV - (ebfgapfz) -- C:\Windows\system32\drivers\ebfgapfz.sys File not found DRV - (dvinguwj) -- C:\Windows\system32\drivers\dvinguwj.sys File not found DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found DRV - (dpjqrnkw) -- C:\Windows\system32\drivers\dpjqrnkw.sys File not found DRV - (dhomzlpo) -- 
C:\Windows\system32\drivers\dhomzlpo.sys File not found DRV - (dgkupvxr) -- C:\Windows\system32\drivers\dgkupvxr.sys File not found DRV - (cxtarluf) -- C:\Windows\system32\drivers\cxtarluf.sys File not found DRV - (cuybmpcq) -- C:\Windows\system32\drivers\cuybmpcq.sys File not found DRV - (cdvczbkm) -- C:\Windows\system32\drivers\cdvczbkm.sys File not found DRV - (cbjmreek) -- C:\Windows\system32\drivers\cbjmreek.sys File not found DRV - (brqnibiq) -- C:\Windows\system32\drivers\brqnibiq.sys File not found DRV - (bkgrynvj) -- C:\Windows\system32\drivers\bkgrynvj.sys File not found DRV - (bhckyxba) -- C:\Windows\system32\drivers\bhckyxba.sys File not found DRV - (azimzwac) -- C:\Windows\system32\drivers\azimzwac.sys File not found DRV - (assfgepf) -- C:\Windows\system32\drivers\assfgepf.sys File not found DRV - (asrwumcr) -- C:\Windows\system32\drivers\asrwumcr.sys File not found DRV - (ashqevxg) -- C:\Windows\system32\drivers\ashqevxg.sys File not found DRV - (aqkhnymt) -- C:\Windows\system32\drivers\aqkhnymt.sys File not found DRV - (amdcsfmn) -- C:\Windows\system32\drivers\amdcsfmn.sys File not found DRV - (afwmrqtc) -- C:\Windows\system32\drivers\afwmrqtc.sys File not found DRV - (MpKsl9937d51c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9DD092A5-6812-4506-9248-127974941C9B}\MpKsl9937d51c.sys (Microsoft Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) 
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=e720 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=e720 IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=e720 IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start 
Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\SearchScopes,DefaultScope = {BB17F21B-B06E-41FE-A424-F1E51D59C2C0}
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U9&apn_dtid=YYY-YYYB3&apn_uid=64054D15-A545-4E54-9860-13A8BAB636E6&apn_sauid=FC6D164B-2096-413C-AECF-CA85761E4C58
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\SearchScopes\{BB17F21B-B06E-41FE-A424-F1E51D59C2C0}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_de
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.15 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig"
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.100008
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.6.0.10
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {f4e6547e-325b-403c-a3bb-ad29ed37a92f}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}:3.6.0.10
FF - prefs.js..extensions.enabledItems: gamesbar@oberon-media.com:1.2.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\program files\Mozilla Firefox\components [2013.02.22 12:08:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2013.05.15 15:26:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.27 09:56:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Hanna\AppData\Roaming\14001.019 [2012.08.30 22:22:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.27 09:56:04 | 000,000,000 | ---D | M]
[2009.11.22 00:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions
[2012.11.24 23:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\i9p06hy1.default\extensions
[2011.12.12 20:41:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\i9p06hy1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(7)
[2012.10.25 20:17:53 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\i9p06hy1.default\extensions\firefox@ghostery.com
[2012.11.24 23:28:07 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\i9p06hy1.default\extensions\ich@maltegoetz.de
[2012.08.07 19:22:18 | 000,002,396 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\mozilla\firefox\profiles\i9p06hy1.default\searchplugins\askcom.xml
[2012.04.30 19:32:54 | 000,000,919 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\mozilla\firefox\profiles\i9p06hy1.default\searchplugins\conduit.xml
[2009.12.27 22:04:35 | 000,002,321 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\mozilla\firefox\profiles\i9p06hy1.default\searchplugins\forestle-de.xml
[2013.02.22 12:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.16 02:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.01.08 22:32:42 | 000,001,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober19111479.xml
[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com
O1 HOSTS File: ([2010.04.30 14:56:08 | 000,001,798 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000..\Run: [{0C6A3A70-0304-0E2A-A1CE-9AA25A0A27EE}] C:\Users\Hanna\AppData\Roaming\Qaifu\soidl.exe (Xeneso Oput)
O4 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000..\Run: [FilterHost] C:\Users\Hanna\AppData\Roaming\mmserver\FilterHost.exe (Synatix GmbH)
O4 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\Hanna\floadu1C.dll,_IWMPEvents File not found
O4 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O7 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DE2AF7-7FDA-4FA8-87BF-290CD98962D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DE2AF7-7FDA-4FA8-87BF-290CD98962D2}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAE15BB4-E5D7-4D17-BBE1-F64F678EB3B0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hanna\Pictures\Bild 023.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hanna\Pictures\Bild 023.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02444e18-13e9-11de-ade5-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{0f762ed8-05f2-11df-a6f6-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{14de9494-d939-11de-871a-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{196c663e-65c1-11df-a402-00235a531a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{196c663e-65c1-11df-a402-00235a531a7b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{196c6651-65c1-11df-a402-00235a531a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{196c6651-65c1-11df-a402-00235a531a7b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1fdae04a-dc25-11de-8c6e-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{898d2c65-c95f-11de-8bb1-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{97fe7507-78a6-11df-b555-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{db31fb8c-f3c8-11de-abe5-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{db74c945-1183-11df-9e01-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{db74c97f-1183-11df-9e01-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.07.04 13:58:03 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\Viren
[2013.06.27 09:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.06.25 16:31:19 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\Irland England
[2013.06.18 16:00:11 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\Kindergeld
[2 C:\Users\Hanna\AppData\Roaming\*.tmp files -> C:\Users\Hanna\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.07.04 14:25:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.04 14:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.04 14:06:17 | 000,164,365 | ---- | M] () -- C:\Users\Hanna\Desktop\Unbenannt.jpg
[2013.07.04 13:35:13 | 000,000,000 | ---- | M] () -- C:\Users\Hanna\defogger_reenable
[2013.07.04 12:52:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.07.04 12:52:13 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.07.04 12:52:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.04 12:52:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.04 12:52:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.04 12:51:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.03 02:57:54 | 000,002,693 | ---- | M] () -- C:\Users\Hanna\.recently-used.xbel
[2013.07.02 09:23:56 | 000,163,528 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.02 09:23:56 | 000,065,938 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.02 09:23:56 | 000,017,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.02 09:23:56 | 000,009,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.26 13:20:19 | 000,000,983 | ---- | M] () -- C:\Users\Hanna\Desktop\Dropbox.lnk
[2013.06.25 11:50:01 | 000,175,949 | ---- | M] () -- C:\Users\Hanna\Desktop\Flyer C.A. Krankenpflege_2012.pdf
[2013.06.15 16:08:22 | 000,225,254 | ---- | M] () -- C:\Users\Hanna\Desktop\IRISH DANCE FERIENPLAN.pdf
[2013.06.12 13:25:00 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.12 13:25:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.12 10:22:27 | 000,001,224 | ---- | M] () -- C:\Windows\WININIT.INI
[2013.06.12 10:22:27 | 000,000,993 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2 C:\Users\Hanna\AppData\Roaming\*.tmp files -> C:\Users\Hanna\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.07.04 14:06:17 | 000,164,365 | ---- | C] () -- C:\Users\Hanna\Desktop\Unbenannt.jpg
[2013.07.04 13:35:13 | 000,000,000 | ---- | C] () -- C:\Users\Hanna\defogger_reenable
[2013.07.03 02:57:54 | 000,002,693 | ---- | C] () -- C:\Users\Hanna\.recently-used.xbel
[2013.06.26 13:20:19 | 000,000,983 | ---- | C] () -- C:\Users\Hanna\Desktop\Dropbox.lnk
[2013.06.25 11:50:00 | 000,175,949 | ---- | C] () -- C:\Users\Hanna\Desktop\Flyer C.A. Krankenpflege_2012.pdf
[2013.06.15 16:08:20 | 000,225,254 | ---- | C] () -- C:\Users\Hanna\Desktop\IRISH DANCE FERIENPLAN.pdf
[2012.09.11 22:57:35 | 000,065,536 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\i9p06hy1.default.dat
[2012.08.04 11:58:40 | 000,000,069 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\urhtps.dat
[2012.07.27 16:33:24 | 000,000,034 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\blckdom.res
[2012.07.26 13:20:41 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2011.07.21 14:06:50 | 000,015,364 | -H-- | C] () -- C:\Users\Hanna\.DS_Store
[2010.09.21 11:19:45 | 000,000,680 | ---- | C] () -- C:\Users\Hanna\AppData\Local\d3d9caps.dat
[2009.11.21 23:52:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.12 13:14:01 | 000,024,206 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\UserTile.png
[2009.03.27 16:39:30 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.03.20 16:58:24 | 000,071,680 | ---- | C] () -- C:\Users\Hanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.18 20:46:11 | 000,000,326 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\wklnhst.dat
[2001.01.04 01:01:22 | 000,101,820 | ---- | C] () -- C:\Users\Hanna\CHILLER.TTF
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.07.27 16:34:05 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.004
[2012.07.27 21:38:55 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.005
[2012.07.28 21:28:36 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.006
[2012.08.03 21:21:18 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.008
[2012.08.06 17:43:35 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.009
[2012.08.07 13:03:17 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.010
[2012.08.08 14:19:51 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.011
[2012.08.09 21:56:51 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.012
[2012.08.18 23:30:43 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.016
[2012.08.23 23:27:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.017
[2012.08.27 12:33:26 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.018
[2012.08.30 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.019
[2009.05.16 13:32:54 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Big Fish Games
[2010.08.21 15:47:06 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\CocoonSoftware
[2010.03.31 12:57:53 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Degener
[2013.07.04 12:54:40 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Dropbox
[2011.01.08 00:20:09 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.31 12:58:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Ebner
[2013.07.03 02:57:54 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\gtk-2.0
[2011.11.20 14:10:02 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Gutscheinmieze
[2009.03.23 16:30:47 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\InterVideo
[2012.10.31 16:40:36 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Ipam
[2012.07.27 16:33:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\kock
[2010.07.17 11:09:28 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\MioNetApplet
[2010.01.27 08:37:14 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mmserver
[2013.07.03 02:39:44 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Nausal
[2011.01.08 22:32:54 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Oberon Media
[2010.06.04 20:51:25 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Philipp Winterberg
[2011.08.06 15:39:49 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Qaifu
[2010.08.20 16:30:47 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\SumatraPDF
[2009.05.16 12:39:42 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Template
[2012.07.05 13:37:39 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Thunderbird
[2010.09.07 21:06:31 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\TuneUp Software
[2012.08.24 19:45:02 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\UAs
[2013.02.19 13:36:42 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\xmldm
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 60 bytes -> C:\Users\Hanna\Desktop\.TEMP_com.apple.iWork.Pages_147_336291406_2:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Hanna\Desktop\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Hanna\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E7393FC
< End of report >

Okay, when I click Fix, I have to select something.. Oh man, I should concentrate more...

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{0C6A3A70-0304-0E2A-A1CE-9AA25A0A27EE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C6A3A70-0304-0E2A-A1CE-9AA25A0A27EE}\ not found.
C:\Users\Hanna\AppData\Roaming\Qaifu\soidl.exe moved successfully.
========== FILES ==========
C:\Users\Hanna\AppData\Roaming\Qaifu folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gast
->Temp folder emptied: 3434173 bytes
->Temporary Internet Files folder emptied: 35274799 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1348 bytes
User: Hanna
->Temp folder emptied: 1947390 bytes
->Temporary Internet Files folder emptied: 712425173 bytes
->Java cache emptied: 1183984 bytes
->FireFox cache emptied: 54276236 bytes
->Google Chrome cache emptied: 6208909 bytes
->Flash cache emptied: 82948 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4908913 bytes
RecycleBin emptied: 108140436 bytes
Total Files Cleaned = 885,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 07042013_144755
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
04.07.2013, 13:56 | #6 |
/// Malware-holic | Trojan horse "zeus2" on my computer Where does it say anything about gmer? Please do what it says there.
|
04.07.2013, 13:57 | #7 |
| Trojan horse "zeus2" on my computer The upload completed successfully! |
04.07.2013, 13:58 | #8 |
/// Malware-holic | Trojan horse "zeus2" on my computer OK, why is Adobe blocked in the hosts file while paid software from that very company is installed at the same time? Among other things, activation is blocked.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
04.07.2013, 14:03 | #9 | |
| Trojan horse "zeus2" on my computer I already tried that: Quote:
|
04.07.2013, 14:06 | #10 |
/// Malware-holic | Trojan horse "zeus2" on my computer Who is talking about gmer? Do what it says here, or rather answer my question.
|
04.07.2013, 14:07 | #11 |
| Trojan horse "zeus2" on my computer Sorry. I have no idea what that means... |
04.07.2013, 14:32 | #12 |
/// Malware-holic | Trojan horse "zeus2" on my computer hi, Please download TDSSKiller.exe and save this file on the desktop
|
04.07.2013, 14:39 | #13 |
| Trojan horse "zeus2" on my computer
15:36:49.0827 1008 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:36:50.0295 1008 ============================================================
15:36:50.0295 1008 Current date / time: 2013/07/04 15:36:50.0295
15:36:50.0295 1008 SystemInfo:
15:36:50.0295 1008
15:36:50.0295 1008 OS Version: 6.0.6001 ServicePack: 1.0
15:36:50.0295 1008 Product type: Workstation
15:36:50.0295 1008 ComputerName: HANNA-PC
15:36:50.0295 1008 UserName: Hanna
15:36:50.0295 1008 Windows directory: C:\Windows
15:36:50.0295 1008 System windows directory: C:\Windows
15:36:50.0295 1008 Processor architecture: Intel x86
15:36:50.0295 1008 Number of processors: 2
15:36:50.0295 1008 Page size: 0x1000
15:36:50.0295 1008 Boot type: Normal boot
15:36:50.0295 1008 ============================================================
15:36:53.0305 1008 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:36:53.0321 1008 ============================================================
15:36:53.0321 1008 \Device\Harddisk0\DR0:
15:36:53.0321 1008 MBR partitions:
15:36:53.0321 1008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x2402B800
15:36:53.0321 1008 ============================================================
15:36:53.0321 1008 C: <-> \Device\Harddisk0\DR0\Partition1
15:36:53.0321 1008 ============================================================
15:36:53.0321 1008 Initialize success
15:36:53.0321 1008 ============================================================
15:36:58.0235 2984 ============================================================
15:36:58.0235 2984 Scan started
15:36:58.0235 2984 Mode: Manual;
15:36:58.0235 2984 ============================================================
15:36:58.0797 2984 ================ Scan system memory ========================
15:36:58.0797 2984 System memory - ok
15:36:58.0797 2984 ================ Scan services =============================
15:36:59.0015 2984 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
15:36:59.0015 2984 ACPI - ok
15:36:59.0140 2984 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:36:59.0140 2984 AdobeARMservice - ok
15:36:59.0187 2984 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:36:59.0187 2984 AdobeFlashPlayerUpdateSvc - ok
15:36:59.0374 2984 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:36:59.0421 2984 adp94xx - ok
15:36:59.0467 2984 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:36:59.0483 2984 adpahci - ok
15:36:59.0530 2984 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:36:59.0530 2984 adpu160m - ok
15:36:59.0561 2984 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:36:59.0577 2984 adpu320 - ok
15:36:59.0623 2984 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:36:59.0623 2984 AeLookupSvc - ok
15:36:59.0670 2984 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
15:36:59.0670 2984 AFD - ok
15:36:59.0701 2984 afwmrqtc - ok
15:36:59.0764 2984 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:36:59.0779 2984 agp440 - ok
15:36:59.0795 2984 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:36:59.0811 2984 aic78xx - ok
15:36:59.0826 2984 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
15:36:59.0826 2984 ALG - ok
15:36:59.0857 2984 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
15:36:59.0857 2984 aliide - ok
15:36:59.0904 2984 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:36:59.0904 2984 amdagp - ok
15:36:59.0920 2984 amdcsfmn - ok
15:36:59.0935 2984 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
15:36:59.0935 2984 amdide - ok
15:36:59.0967 2984 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
15:36:59.0967 2984 AmdK7 - ok
15:36:59.0998 2984 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:36:59.0998 2984 AmdK8 - ok
15:37:00.0060 2984 [ 0ED1A5B7A8AE5939A92EA1EC39E16D21 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
15:37:00.0060 2984 ApfiltrService - ok
15:37:00.0107 2984 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
15:37:00.0107 2984 Appinfo - ok
15:37:00.0123 2984 aqkhnymt - ok
15:37:00.0185 2984 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
15:37:00.0185 2984 arc - ok
15:37:00.0216 2984 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:37:00.0216 2984 arcsas - ok
15:37:00.0216 2984 ashqevxg - ok
15:37:00.0247 2984 asrwumcr - ok
15:37:00.0263 2984 assfgepf - ok
15:37:00.0294 2984 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:37:00.0294 2984 AsyncMac - ok
15:37:00.0325 2984 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
15:37:00.0325 2984 atapi - ok
15:37:00.0388 2984 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:37:00.0388 2984 AudioEndpointBuilder - ok
15:37:00.0403 2984 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:37:00.0403 2984 Audiosrv - ok
15:37:00.0419 2984 azimzwac - ok
15:37:00.0497 2984 [ E22ABCAA7B6FF580FEB0D49545DC4263 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
15:37:00.0513 2984 BCM43XX - ok
15:37:00.0544 2984 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
15:37:00.0544 2984 Beep - ok
15:37:00.0591 2984 [ D3E6D78285529962349A7F1617035938 ] BFE C:\Windows\System32\bfe.dll
15:37:00.0591 2984 BFE - ok
15:37:00.0606 2984 bhckyxba - ok
15:37:00.0669 2984 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll
15:37:00.0684 2984 BITS - ok
15:37:00.0700 2984 bkgrynvj - ok
15:37:00.0731 2984 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:37:00.0731 2984 blbdrive - ok
15:37:00.0825 2984 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:37:00.0840 2984 Bonjour Service - ok
15:37:00.0887 2984 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:37:00.0887 2984 bowser - ok
15:37:00.0949 2984 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
15:37:00.0949 2984 BrFiltLo - ok
15:37:00.0965 2984 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
15:37:00.0965 2984 BrFiltUp - ok
15:37:01.0012 2984 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
15:37:01.0012 2984 Browser - ok
15:37:01.0012 2984 brqnibiq - ok
15:37:01.0043 2984 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
15:37:01.0043 2984 Brserid - ok
15:37:01.0074 2984 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
15:37:01.0090 2984 BrSerWdm - ok
15:37:01.0105 2984 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
15:37:01.0105 2984 BrUsbMdm - ok
15:37:01.0121 2984 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
15:37:01.0137 2984 BrUsbSer - ok
15:37:01.0168 2984 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:37:01.0168 2984 BTHMODEM - ok
15:37:01.0261 2984 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now
5\Client\Agentsvc.exe 15:37:01.0261 2984 BUNAgentSvc - ok 15:37:01.0261 2984 cbjmreek - ok 15:37:01.0308 2984 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:37:01.0308 2984 cdfs - ok 15:37:01.0324 2984 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:37:01.0324 2984 cdrom - ok 15:37:01.0356 2984 cdvczbkm - ok 15:37:01.0372 2984 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll 15:37:01.0387 2984 CertPropSvc - ok 15:37:01.0418 2984 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 15:37:01.0418 2984 circlass - ok 15:37:01.0450 2984 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys 15:37:01.0450 2984 CLFS - ok 15:37:01.0543 2984 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:37:01.0543 2984 clr_optimization_v2.0.50727_32 - ok 15:37:01.0606 2984 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:37:01.0606 2984 clr_optimization_v4.0.30319_32 - ok 15:37:01.0668 2984 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:37:01.0668 2984 CmBatt - ok 15:37:01.0715 2984 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:37:01.0715 2984 cmdide - ok 15:37:01.0746 2984 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:37:01.0746 2984 Compbatt - ok 15:37:01.0746 2984 COMSysApp - ok 15:37:01.0762 2984 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:37:01.0762 2984 crcdisk - ok 15:37:01.0793 2984 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 15:37:01.0793 2984 Crusoe - ok 15:37:01.0855 2984 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:37:01.0855 
2984 CryptSvc - ok 15:37:01.0871 2984 cuybmpcq - ok 15:37:01.0886 2984 cxtarluf - ok 15:37:01.0949 2984 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:37:01.0964 2984 DcomLaunch - ok 15:37:01.0980 2984 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:37:01.0980 2984 DfsC - ok 15:37:02.0089 2984 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe 15:37:02.0136 2984 DFSR - ok 15:37:02.0152 2984 dgkupvxr - ok 15:37:02.0198 2984 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll 15:37:02.0214 2984 Dhcp - ok 15:37:02.0214 2984 dhomzlpo - ok 15:37:02.0261 2984 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys 15:37:02.0261 2984 disk - ok 15:37:02.0308 2984 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:37:02.0308 2984 Dnscache - ok 15:37:02.0323 2984 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll 15:37:02.0339 2984 dot3svc - ok 15:37:02.0354 2984 dpjqrnkw - ok 15:37:02.0401 2984 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 15:37:02.0401 2984 DPS - ok 15:37:02.0417 2984 DritekPortIO - ok 15:37:02.0464 2984 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:37:02.0464 2984 drmkaud - ok 15:37:02.0510 2984 dvinguwj - ok 15:37:02.0573 2984 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:37:02.0588 2984 DXGKrnl - ok 15:37:02.0620 2984 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 15:37:02.0620 2984 E1G60 - ok 15:37:02.0666 2984 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 15:37:02.0666 2984 EapHost - ok 15:37:02.0682 2984 ebfgapfz - ok 15:37:02.0744 2984 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys 15:37:02.0744 2984 Ecache - ok 15:37:02.0760 2984 egxmgzqs - ok 
15:37:02.0822 2984 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:37:02.0822 2984 ehRecvr - ok 15:37:02.0838 2984 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 15:37:02.0854 2984 ehSched - ok 15:37:02.0869 2984 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 15:37:02.0869 2984 ehstart - ok 15:37:02.0900 2984 ekmlgvdv - ok 15:37:02.0916 2984 Scan interrupted by user! 15:37:02.0916 2984 ================ Scan global =============================== 15:37:02.0916 2984 Scan interrupted by user! 15:37:02.0916 2984 ================ Scan MBR ================================== 15:37:02.0916 2984 Scan interrupted by user! 15:37:02.0916 2984 ================ Scan VBR ================================== 15:37:02.0916 2984 Scan interrupted by user! 15:37:02.0916 2984 ============================================================ 15:37:02.0916 2984 Scan finished 15:37:02.0916 2984 ============================================================ 15:37:02.0932 2264 Detected object count: 0 15:37:02.0932 2264 Actual detected object count: 0 15:37:12.0650 4548 ============================================================ 15:37:12.0650 4548 Scan started 15:37:12.0650 4548 Mode: Manual; SigCheck; TDLFS; 15:37:12.0650 4548 ============================================================ 15:37:12.0978 4548 ================ Scan system memory ======================== 15:37:12.0978 4548 System memory - ok 15:37:12.0978 4548 ================ Scan services ============================= 15:37:13.0150 4548 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys 15:37:13.0352 4548 ACPI - ok 15:37:13.0462 4548 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 15:37:13.0477 4548 AdobeARMservice - ok 15:37:13.0524 4548 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 
15:37:13.0555 4548 AdobeFlashPlayerUpdateSvc - ok 15:37:13.0633 4548 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:37:13.0664 4548 adp94xx - ok 15:37:13.0727 4548 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:37:13.0742 4548 adpahci - ok 15:37:13.0789 4548 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 15:37:13.0805 4548 adpu160m - ok 15:37:13.0836 4548 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 15:37:13.0852 4548 adpu320 - ok 15:37:13.0898 4548 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:37:13.0930 4548 AeLookupSvc - ok 15:37:13.0976 4548 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys 15:37:14.0008 4548 AFD - ok 15:37:14.0008 4548 afwmrqtc - ok 15:37:14.0054 4548 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:37:14.0070 4548 agp440 - ok 15:37:14.0086 4548 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 15:37:14.0117 4548 aic78xx - ok 15:37:14.0132 4548 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 15:37:14.0195 4548 ALG - ok 15:37:14.0226 4548 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 15:37:14.0242 4548 aliide - ok 15:37:14.0273 4548 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 15:37:14.0288 4548 amdagp - ok 15:37:14.0304 4548 amdcsfmn - ok 15:37:14.0320 4548 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 15:37:14.0335 4548 amdide - ok 15:37:14.0366 4548 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 15:37:14.0413 4548 AmdK7 - ok 15:37:14.0444 4548 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:37:14.0491 4548 AmdK8 - ok 15:37:14.0522 4548 [ 
0ED1A5B7A8AE5939A92EA1EC39E16D21 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys 15:37:14.0600 4548 ApfiltrService - ok 15:37:14.0647 4548 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 15:37:14.0663 4548 Appinfo - ok 15:37:14.0678 4548 aqkhnymt - ok 15:37:14.0710 4548 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 15:37:14.0725 4548 arc - ok 15:37:14.0741 4548 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:37:14.0756 4548 arcsas - ok 15:37:14.0772 4548 ashqevxg - ok 15:37:14.0772 4548 asrwumcr - ok 15:37:14.0788 4548 assfgepf - ok 15:37:14.0819 4548 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:37:14.0866 4548 AsyncMac - ok 15:37:14.0881 4548 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys 15:37:14.0897 4548 atapi - ok 15:37:14.0928 4548 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:37:14.0990 4548 AudioEndpointBuilder - ok 15:37:15.0006 4548 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll 15:37:15.0053 4548 Audiosrv - ok 15:37:15.0068 4548 azimzwac - ok 15:37:15.0146 4548 [ E22ABCAA7B6FF580FEB0D49545DC4263 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys 15:37:15.0193 4548 BCM43XX - ok 15:37:15.0256 4548 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 15:37:15.0302 4548 Beep - ok 15:37:15.0349 4548 [ D3E6D78285529962349A7F1617035938 ] BFE C:\Windows\System32\bfe.dll 15:37:15.0396 4548 BFE - ok 15:37:15.0412 4548 bhckyxba - ok 15:37:15.0458 4548 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll 15:37:15.0646 4548 BITS - ok 15:37:15.0661 4548 bkgrynvj - ok 15:37:15.0692 4548 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 15:37:15.0739 4548 blbdrive - ok 15:37:15.0802 4548 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour 
Service C:\Program Files\Bonjour\mDNSResponder.exe 15:37:15.0833 4548 Bonjour Service - ok 15:37:15.0848 4548 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:37:15.0880 4548 bowser - ok 15:37:15.0958 4548 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 15:37:16.0004 4548 BrFiltLo - ok 15:37:16.0036 4548 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 15:37:16.0067 4548 BrFiltUp - ok 15:37:16.0098 4548 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 15:37:16.0160 4548 Browser - ok 15:37:16.0160 4548 brqnibiq - ok 15:37:16.0207 4548 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 15:37:16.0270 4548 Brserid - ok 15:37:16.0301 4548 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 15:37:16.0394 4548 BrSerWdm - ok 15:37:16.0457 4548 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 15:37:16.0535 4548 BrUsbMdm - ok 15:37:16.0566 4548 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 15:37:16.0644 4548 BrUsbSer - ok 15:37:16.0675 4548 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:37:16.0816 4548 BTHMODEM - ok 15:37:16.0894 4548 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe 15:37:16.0894 4548 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning 15:37:16.0894 4548 BUNAgentSvc - detected UnsignedFile.Multi.Generic (1) 15:37:16.0909 4548 cbjmreek - ok 15:37:16.0925 4548 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:37:16.0972 4548 cdfs - ok 15:37:17.0034 4548 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:37:17.0065 4548 cdrom - ok 15:37:17.0081 4548 cdvczbkm - ok 15:37:17.0096 4548 [ 
87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll 15:37:17.0143 4548 CertPropSvc - ok 15:37:17.0174 4548 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 15:37:17.0237 4548 circlass - ok 15:37:17.0268 4548 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys 15:37:17.0299 4548 CLFS - ok 15:37:17.0377 4548 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:37:17.0393 4548 clr_optimization_v2.0.50727_32 - ok 15:37:17.0440 4548 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:37:17.0455 4548 clr_optimization_v4.0.30319_32 - ok 15:37:17.0486 4548 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:37:17.0533 4548 CmBatt - ok 15:37:17.0564 4548 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:37:17.0580 4548 cmdide - ok 15:37:17.0611 4548 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:37:17.0627 4548 Compbatt - ok 15:37:17.0627 4548 COMSysApp - ok 15:37:17.0642 4548 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:37:17.0658 4548 crcdisk - ok 15:37:17.0689 4548 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 15:37:17.0736 4548 Crusoe - ok 15:37:17.0783 4548 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:37:17.0845 4548 CryptSvc - ok 15:37:17.0845 4548 cuybmpcq - ok 15:37:17.0861 4548 cxtarluf - ok 15:37:17.0939 4548 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:37:17.0970 4548 DcomLaunch - ok 15:37:18.0001 4548 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:37:18.0032 4548 DfsC - ok 15:37:18.0110 4548 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] 
DFSR C:\Windows\system32\DFSR.exe 15:37:18.0220 4548 DFSR - ok 15:37:18.0235 4548 dgkupvxr - ok 15:37:18.0282 4548 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll 15:37:18.0329 4548 Dhcp - ok 15:37:18.0329 4548 dhomzlpo - ok 15:37:18.0360 4548 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys 15:37:18.0376 4548 disk - ok 15:37:18.0407 4548 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:37:18.0438 4548 Dnscache - ok 15:37:18.0454 4548 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll 15:37:18.0500 4548 dot3svc - ok 15:37:18.0516 4548 dpjqrnkw - ok 15:37:18.0547 4548 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 15:37:18.0610 4548 DPS - ok 15:37:18.0610 4548 DritekPortIO - ok 15:37:18.0641 4548 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:37:18.0688 4548 drmkaud - ok 15:37:18.0703 4548 dvinguwj - ok 15:37:18.0766 4548 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:37:18.0797 4548 DXGKrnl - ok 15:37:18.0844 4548 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 15:37:18.0906 4548 E1G60 - ok 15:37:18.0953 4548 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 15:37:18.0984 4548 EapHost - ok 15:37:19.0000 4548 ebfgapfz - ok 15:37:19.0031 4548 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys 15:37:19.0046 4548 Ecache - ok 15:37:19.0046 4548 egxmgzqs - ok 15:37:19.0124 4548 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:37:19.0140 4548 ehRecvr - ok 15:37:19.0171 4548 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 15:37:19.0187 4548 ehSched - ok 15:37:19.0234 4548 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 15:37:19.0265 4548 ehstart - ok 15:37:19.0280 4548 ekmlgvdv - ok 
15:37:19.0312 4548 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:37:19.0343 4548 elxstor - ok 15:37:19.0405 4548 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll 15:37:19.0436 4548 EMDMgmt - ok 15:37:19.0499 4548 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:37:19.0561 4548 ErrDev - ok 15:37:19.0624 4548 [ 4D06D9A26227AC485305133916888DF1 ] ETService C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe 15:37:19.0624 4548 ETService ( UnsignedFile.Multi.Generic ) - warning 15:37:19.0624 4548 ETService - detected UnsignedFile.Multi.Generic (1) 15:37:19.0686 4548 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll 15:37:19.0748 4548 EventSystem - ok 15:37:19.0811 4548 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys 15:37:19.0858 4548 exfat - ok 15:37:19.0920 4548 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:37:19.0967 4548 fastfat - ok 15:37:19.0998 4548 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:37:20.0060 4548 fdc - ok 15:37:20.0107 4548 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 15:37:20.0154 4548 fdPHost - ok 15:37:20.0201 4548 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 15:37:20.0279 4548 FDResPub - ok 15:37:20.0294 4548 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:37:20.0310 4548 FileInfo - ok 15:37:20.0357 4548 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:37:20.0388 4548 Filetrace - ok 15:37:20.0450 4548 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:37:20.0482 4548 flpydisk - ok 15:37:20.0513 4548 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:37:20.0544 
4548 FltMgr - ok 15:37:20.0575 4548 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:37:20.0591 4548 FontCache3.0.0.0 - ok 15:37:20.0591 4548 fpugudpo - ok 15:37:20.0606 4548 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:37:20.0653 4548 Fs_Rec - ok 15:37:20.0669 4548 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:37:20.0700 4548 gagp30kx - ok 15:37:20.0747 4548 [ 5DC17164F66380CBFEFD895C18467773 ] GearAspiWDM C:\Windows\system32\drivers\GEARAspiWDM.sys 15:37:20.0762 4548 GearAspiWDM - ok 15:37:20.0778 4548 ggxxvjrb - ok 15:37:20.0794 4548 gksmkjpj - ok 15:37:20.0809 4548 gnkropup - ok 15:37:20.0825 4548 gnuwogzg - ok 15:37:20.0872 4548 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll 15:37:21.0074 4548 gpsvc - ok 15:37:21.0090 4548 gqtapwpm - ok 15:37:21.0230 4548 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca6af498de972d C:\Program Files\Google\Update\GoogleUpdate.exe 15:37:21.0246 4548 gupdate1ca6af498de972d - ok 15:37:21.0293 4548 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 15:37:21.0308 4548 gupdatem - ok 15:37:21.0355 4548 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 15:37:21.0371 4548 gusvc - ok 15:37:21.0386 4548 gvcruzyt - ok 15:37:21.0433 4548 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:37:21.0527 4548 HdAudAddService - ok 15:37:21.0542 4548 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 15:37:21.0574 4548 HDAudBus - ok 15:37:21.0605 4548 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 15:37:21.0698 4548 HidBth - ok 15:37:21.0745 4548 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 15:37:21.0823 4548 
HidIr - ok 15:37:21.0870 4548 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll 15:37:21.0948 4548 hidserv - ok 15:37:21.0995 4548 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:37:22.0026 4548 HidUsb - ok 15:37:22.0057 4548 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:37:22.0104 4548 hkmsvc - ok 15:37:22.0104 4548 hmhwazky - ok 15:37:22.0120 4548 hmzcnucm - ok 15:37:22.0135 4548 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 15:37:22.0166 4548 HpCISSs - ok 15:37:22.0213 4548 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 15:37:22.0260 4548 HSFHWAZL - ok 15:37:22.0322 4548 [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS 15:37:22.0432 4548 HSF_DPV - ok 15:37:22.0478 4548 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:37:22.0510 4548 HTTP - ok 15:37:22.0510 4548 huotufyo - ok 15:37:22.0556 4548 hwdatacard - ok 15:37:22.0588 4548 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 15:37:22.0603 4548 i2omp - ok 15:37:22.0650 4548 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 15:37:22.0681 4548 i8042prt - ok 15:37:22.0728 4548 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 15:37:22.0759 4548 iaStorV - ok 15:37:22.0853 4548 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:37:22.0915 4548 idsvc - ok 15:37:23.0227 4548 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 15:37:23.0648 4548 igfx - ok 15:37:23.0695 4548 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 15:37:23.0711 4548 iirsp - ok 15:37:23.0758 4548 [ 68E8C415E102E5D79FD7E4A765B8CBA4 ] IKEEXT 
C:\Windows\System32\ikeext.dll 15:37:23.0820 4548 IKEEXT - ok 15:37:23.0882 4548 [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15 C:\Windows\system32\drivers\int15.sys 15:37:23.0898 4548 int15 - ok 15:37:23.0992 4548 [ CF2219A2FED4F8F2E0817A2BF1658799 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 15:37:24.0116 4548 IntcAzAudAddService - ok 15:37:24.0179 4548 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 15:37:24.0194 4548 intelide - ok 15:37:24.0241 4548 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:37:24.0304 4548 intelppm - ok 15:37:24.0335 4548 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:37:24.0491 4548 IPBusEnum - ok 15:37:24.0569 4548 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:37:24.0631 4548 IpFilterDriver - ok 15:37:24.0678 4548 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:37:24.0709 4548 iphlpsvc - ok 15:37:24.0725 4548 IpInIp - ok 15:37:24.0740 4548 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 15:37:24.0787 4548 IPMIDRV - ok 15:37:24.0834 4548 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 15:37:24.0881 4548 IPNAT - ok 15:37:24.0912 4548 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:37:24.0959 4548 IRENUM - ok 15:37:24.0990 4548 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:37:25.0006 4548 isapnp - ok 15:37:25.0037 4548 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 15:37:25.0052 4548 iScsiPrt - ok 15:37:25.0084 4548 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 15:37:25.0099 4548 iteatapi - ok 15:37:25.0146 4548 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 
15:37:25.0162 4548 iteraid - ok 15:37:25.0177 4548 iugnudez - ok 15:37:25.0271 4548 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 15:37:25.0286 4548 IviRegMgr - ok 15:37:25.0302 4548 jmzsylmz - ok 15:37:25.0318 4548 jnbosovs - ok 15:37:25.0318 4548 jyftkbgr - ok 15:37:25.0349 4548 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:37:25.0364 4548 kbdclass - ok 15:37:25.0380 4548 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:37:25.0442 4548 kbdhid - ok 15:37:25.0489 4548 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe 15:37:25.0520 4548 KeyIso - ok 15:37:25.0520 4548 klrntvnk - ok 15:37:25.0536 4548 kquxfouq - ok 15:37:25.0552 4548 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:37:25.0583 4548 KSecDD - ok 15:37:25.0630 4548 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 15:37:25.0708 4548 KtmRm - ok 15:37:25.0739 4548 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:37:25.0801 4548 LanmanServer - ok 15:37:25.0848 4548 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:37:25.0879 4548 LanmanWorkstation - ok 15:37:25.0895 4548 lfssgnvy - ok 15:37:25.0910 4548 lguaqttw - ok 15:37:25.0988 4548 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 15:37:26.0020 4548 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 15:37:26.0020 4548 LightScribeService - detected UnsignedFile.Multi.Generic (1) 15:37:26.0035 4548 lksnseyp - ok 15:37:26.0066 4548 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:37:26.0113 4548 lltdio - ok 15:37:26.0144 4548 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:37:26.0222 4548 lltdsvc - ok 15:37:26.0254 4548 [ 
35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:37:26.0332 4548 lmhosts - ok 15:37:26.0332 4548 loctzsie - ok 15:37:26.0347 4548 lpptswil - ok 15:37:26.0347 4548 lqybegeo - ok 15:37:26.0378 4548 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:37:26.0394 4548 LSI_FC - ok 15:37:26.0425 4548 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:37:26.0441 4548 LSI_SAS - ok 15:37:26.0472 4548 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:37:26.0488 4548 LSI_SCSI - ok 15:37:26.0504 4548 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 15:37:26.0567 4548 luafv - ok 15:37:26.0598 4548 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:37:26.0613 4548 Mcx2Svc - ok 15:37:26.0660 4548 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 15:37:26.0676 4548 megasas - ok 15:37:26.0723 4548 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 15:37:26.0754 4548 MegaSR - ok 15:37:26.0801 4548 mfjmcbdz - ok 15:37:26.0832 4548 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 15:37:26.0894 4548 MMCSS - ok 15:37:26.0925 4548 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 15:37:26.0988 4548 Modem - ok 15:37:27.0035 4548 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:37:27.0081 4548 monitor - ok 15:37:27.0097 4548 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:37:27.0113 4548 mouclass - ok 15:37:27.0128 4548 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:37:27.0206 4548 mouhid - ok 15:37:27.0237 4548 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 15:37:27.0253 4548 MountMgr - ok 15:37:27.0331 4548 [ 
5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 15:37:27.0347 4548 MozillaMaintenance - ok 15:37:27.0362 4548 mpelvrzl - ok 15:37:27.0425 4548 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 15:37:27.0440 4548 MpFilter - ok 15:37:27.0503 4548 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 15:37:27.0518 4548 mpio - ok 15:37:27.0659 4548 [ A69630D039C38018689190234F866D77 ] MpKsl923e2562 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9DD092A5-6812-4506-9248-127974941C9B}\MpKsl923e2562.sys 15:37:27.0674 4548 MpKsl923e2562 - ok 15:37:27.0705 4548 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:37:27.0737 4548 mpsdrv - ok 15:37:27.0783 4548 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll 15:37:27.0861 4548 MpsSvc - ok 15:37:27.0893 4548 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 15:37:27.0908 4548 Mraid35x - ok 15:37:27.0939 4548 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:37:27.0971 4548 MRxDAV - ok 15:37:28.0002 4548 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:37:28.0033 4548 mrxsmb - ok 15:37:28.0064 4548 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:37:28.0080 4548 mrxsmb10 - ok 15:37:28.0111 4548 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:37:28.0127 4548 mrxsmb20 - ok 15:37:28.0142 4548 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 15:37:28.0158 4548 msahci - ok 15:37:28.0205 4548 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:37:28.0220 4548 msdsm - ok 15:37:28.0283 4548 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 
15:37:28.0345 4548 MSDTC - ok 15:37:28.0361 4548 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:37:28.0407 4548 Msfs - ok 15:37:28.0470 4548 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:37:28.0485 4548 msisadrv - ok 15:37:28.0517 4548 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:37:28.0579 4548 MSiSCSI - ok 15:37:28.0595 4548 msiserver - ok 15:37:28.0626 4548 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:37:28.0704 4548 MSKSSRV - ok 15:37:28.0782 4548 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 15:37:28.0797 4548 MsMpSvc - ok 15:37:28.0829 4548 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:37:28.0875 4548 MSPCLOCK - ok 15:37:28.0907 4548 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:37:28.0953 4548 MSPQM - ok 15:37:28.0969 4548 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:37:29.0000 4548 MsRPC - ok 15:37:29.0016 4548 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:37:29.0031 4548 mssmbios - ok 15:37:29.0047 4548 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:37:29.0094 4548 MSTEE - ok 15:37:29.0109 4548 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys 15:37:29.0125 4548 Mup - ok 15:37:29.0156 4548 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll 15:37:29.0203 4548 napagent - ok 15:37:29.0250 4548 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:37:29.0265 4548 NativeWifiP - ok 15:37:29.0312 4548 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:37:29.0359 4548 NDIS - ok 15:37:29.0375 4548 [ 0E186E90404980569FB449BA7519AE61 ] 
NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:37:29.0406 4548 NdisTapi - ok 15:37:29.0421 4548 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:37:29.0453 4548 Ndisuio - ok 15:37:29.0484 4548 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:37:29.0515 4548 NdisWan - ok 15:37:29.0531 4548 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:37:29.0562 4548 NDProxy - ok 15:37:29.0577 4548 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:37:29.0624 4548 NetBIOS - ok 15:37:29.0640 4548 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 15:37:29.0687 4548 netbt - ok 15:37:29.0702 4548 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe 15:37:29.0733 4548 Netlogon - ok 15:37:29.0765 4548 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 15:37:29.0811 4548 Netman - ok 15:37:29.0843 4548 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 15:37:29.0905 4548 netprofm - ok 15:37:29.0967 4548 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:37:29.0983 4548 NetTcpPortSharing - ok 15:37:30.0061 4548 [ 450D0D2062C54DDA23583A78C0EB63D9 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe 15:37:30.0061 4548 Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning 15:37:30.0061 4548 Netzmanager Service - detected UnsignedFile.Multi.Generic (1) 15:37:30.0092 4548 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:37:30.0108 4548 nfrd960 - ok 15:37:30.0155 4548 [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 15:37:30.0170 4548 NisDrv - ok 15:37:30.0217 4548 [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv c:\Program 
Files\Microsoft Security Client\NisSrv.exe 15:37:30.0248 4548 NisSrv - ok 15:37:30.0279 4548 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:37:30.0326 4548 NlaSvc - ok 15:37:30.0342 4548 nmakobim - ok 15:37:30.0357 4548 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:37:30.0404 4548 Npfs - ok 15:37:30.0435 4548 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 15:37:30.0482 4548 nsi - ok 15:37:30.0498 4548 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:37:30.0545 4548 nsiproxy - ok 15:37:30.0607 4548 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:37:30.0654 4548 Ntfs - ok 15:37:30.0716 4548 [ CB76F68BA0D57C5D25B538981B1C611C ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 15:37:30.0716 4548 NTIBackupSvc - ok 15:37:30.0747 4548 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys 15:37:30.0763 4548 NTIDrvr - ok 15:37:30.0779 4548 [ DF1C10A75DF7E50195FC417F88A33227 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 15:37:30.0794 4548 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning 15:37:30.0794 4548 NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1) 15:37:30.0825 4548 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 15:37:30.0935 4548 ntrigdigi - ok 15:37:30.0997 4548 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 15:37:31.0059 4548 Null - ok 15:37:31.0091 4548 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:37:31.0122 4548 nvraid - ok 15:37:31.0153 4548 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:37:31.0169 4548 nvstor - ok 15:37:31.0184 4548 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 
15:37:31.0215 4548 nv_agp - ok 15:37:31.0215 4548 NwlnkFlt - ok 15:37:31.0231 4548 NwlnkFwd - ok 15:37:31.0247 4548 nzmbgvme - ok 15:37:31.0325 4548 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:37:31.0356 4548 odserv - ok 15:37:31.0418 4548 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:37:31.0496 4548 ohci1394 - ok 15:37:31.0496 4548 ojutlavf - ok 15:37:31.0512 4548 ookslhnv - ok 15:37:31.0527 4548 oqvnraux - ok 15:37:31.0559 4548 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:37:31.0574 4548 ose - ok 15:37:31.0638 4548 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll 15:37:31.0684 4548 p2pimsvc - ok 15:37:31.0716 4548 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll 15:37:31.0747 4548 p2psvc - ok 15:37:31.0778 4548 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 15:37:31.0856 4548 Parport - ok 15:37:31.0872 4548 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:37:31.0887 4548 partmgr - ok 15:37:31.0918 4548 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 15:37:31.0996 4548 Parvdm - ok 15:37:32.0043 4548 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 15:37:32.0074 4548 PcaSvc - ok 15:37:32.0074 4548 pcbiiwiv - ok 15:37:32.0106 4548 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys 15:37:32.0121 4548 pci - ok 15:37:32.0152 4548 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 15:37:32.0168 4548 pciide - ok 15:37:32.0215 4548 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:37:32.0230 4548 pcmcia - ok 15:37:32.0293 4548 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 
15:37:32.0402 4548 PEAUTH - ok 15:37:32.0496 4548 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 15:37:32.0667 4548 pla - ok 15:37:32.0730 4548 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:37:32.0823 4548 PlugPlay - ok 15:37:32.0870 4548 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 15:37:32.0932 4548 PNRPAutoReg - ok 15:37:32.0964 4548 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll 15:37:33.0057 4548 PNRPsvc - ok 15:37:33.0135 4548 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:37:33.0166 4548 PolicyAgent - ok 15:37:33.0213 4548 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:37:33.0260 4548 PptpMiniport - ok 15:37:33.0260 4548 pqjnmqma - ok 15:37:33.0307 4548 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 15:37:33.0369 4548 Processor - ok 15:37:33.0400 4548 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll 15:37:33.0478 4548 ProfSvc - ok 15:37:33.0510 4548 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:37:33.0525 4548 ProtectedStorage - ok 15:37:33.0556 4548 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys 15:37:33.0572 4548 PSched - ok 15:37:33.0572 4548 pyofpkri - ok 15:37:33.0588 4548 qaguxzum - ok 15:37:33.0603 4548 qhqacqdw - ok 15:37:33.0619 4548 qikqudhb - ok 15:37:33.0619 4548 qkvropkb - ok 15:37:33.0697 4548 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:37:33.0806 4548 ql2300 - ok 15:37:33.0900 4548 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:37:33.0915 4548 ql40xx - ok 15:37:33.0915 4548 qpqgvjav - ok 15:37:33.0931 4548 qstzxuhm - ok 15:37:33.0978 4548 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 
15:37:34.0009 4548 QWAVE - ok 15:37:34.0024 4548 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:37:34.0040 4548 QWAVEdrv - ok 15:37:34.0056 4548 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:37:34.0102 4548 RasAcd - ok 15:37:34.0134 4548 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 15:37:34.0180 4548 RasAuto - ok 15:37:34.0212 4548 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:37:34.0243 4548 Rasl2tp - ok 15:37:34.0290 4548 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll 15:37:34.0368 4548 RasMan - ok 15:37:34.0399 4548 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:37:34.0446 4548 RasPppoe - ok 15:37:34.0461 4548 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:37:34.0586 4548 RasSstp - ok 15:37:34.0602 4548 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:37:34.0648 4548 rdbss - ok 15:37:34.0680 4548 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:37:34.0711 4548 RDPCDD - ok 15:37:34.0758 4548 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 15:37:34.0804 4548 rdpdr - ok 15:37:34.0820 4548 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:37:34.0867 4548 RDPENCDD - ok 15:37:34.0898 4548 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:37:34.0960 4548 RDPWD - ok 15:37:35.0023 4548 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys 15:37:35.0038 4548 regi - ok 15:37:35.0070 4548 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:37:35.0116 4548 RemoteAccess - ok 15:37:35.0148 4548 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll 
15:37:35.0194 4548 RemoteRegistry - ok 15:37:35.0210 4548 rgxkmttj - ok 15:37:35.0226 4548 rhkplgwu - ok 15:37:35.0241 4548 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 15:37:35.0272 4548 RpcLocator - ok 15:37:35.0319 4548 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll 15:37:35.0366 4548 RpcSs - ok 15:37:35.0366 4548 rpxapolq - ok 15:37:35.0397 4548 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:37:35.0444 4548 rspndr - ok 15:37:35.0475 4548 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 15:37:35.0506 4548 RTL8169 - ok 15:37:35.0506 4548 rulvxbun - ok 15:37:35.0522 4548 saeacjqj - ok 15:37:35.0538 4548 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe 15:37:35.0553 4548 SamSs - ok 15:37:35.0584 4548 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:37:35.0600 4548 sbp2port - ok 15:37:35.0631 4548 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:37:35.0709 4548 SCardSvr - ok 15:37:35.0772 4548 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll 15:37:35.0818 4548 Schedule - ok 15:37:35.0850 4548 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll 15:37:35.0896 4548 SCPolicySvc - ok 15:37:35.0928 4548 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:37:35.0974 4548 SDRSVC - ok 15:37:35.0974 4548 sdyslqfg - ok 15:37:36.0021 4548 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:37:36.0099 4548 secdrv - ok 15:37:36.0115 4548 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 15:37:36.0193 4548 seclogon - ok 15:37:36.0193 4548 sejafszk - ok 15:37:36.0224 4548 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 15:37:36.0286 4548 SENS - ok 15:37:36.0333 4548 [ 
68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 15:37:36.0411 4548 Serenum - ok 15:37:36.0427 4548 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 15:37:36.0520 4548 Serial - ok 15:37:36.0552 4548 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:37:36.0598 4548 sermouse - ok 15:37:36.0645 4548 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 15:37:36.0692 4548 SessionEnv - ok 15:37:36.0723 4548 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:37:36.0754 4548 sffdisk - ok 15:37:36.0770 4548 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:37:36.0832 4548 sffp_mmc - ok 15:37:36.0895 4548 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:37:36.0926 4548 sffp_sd - ok 15:37:36.0942 4548 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:37:37.0035 4548 sfloppy - ok 15:37:37.0098 4548 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:37:37.0176 4548 SharedAccess - ok 15:37:37.0207 4548 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:37:37.0238 4548 ShellHWDetection - ok 15:37:37.0269 4548 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 15:37:37.0285 4548 sisagp - ok 15:37:37.0316 4548 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 15:37:37.0332 4548 SiSRaid2 - ok 15:37:37.0363 4548 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:37:37.0394 4548 SiSRaid4 - ok 15:37:37.0472 4548 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 15:37:37.0488 4548 SkypeUpdate - ok 15:37:37.0597 4548 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc 
C:\Windows\system32\SLsvc.exe 15:37:37.0846 4548 slsvc - ok 15:37:37.0878 4548 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll 15:37:37.0924 4548 SLUINotify - ok 15:37:37.0956 4548 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:37:38.0002 4548 Smb - ok 15:37:38.0018 4548 smdnbrfu - ok 15:37:38.0049 4548 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:37:38.0080 4548 SNMPTRAP - ok 15:37:38.0096 4548 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 15:37:38.0112 4548 spldr - ok 15:37:38.0143 4548 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe 15:37:38.0158 4548 Spooler - ok 15:37:38.0190 4548 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys 15:37:38.0221 4548 srv - ok 15:37:38.0252 4548 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:37:38.0268 4548 srv2 - ok 15:37:38.0283 4548 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:37:38.0314 4548 srvnet - ok 15:37:38.0346 4548 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:37:38.0392 4548 SSDPSRV - ok 15:37:38.0439 4548 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:37:38.0455 4548 SstpSvc - ok 15:37:38.0502 4548 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll 15:37:38.0548 4548 stisvc - ok 15:37:38.0548 4548 sukifpdx - ok 15:37:38.0595 4548 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 15:37:38.0611 4548 swenum - ok 15:37:38.0673 4548 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 15:37:38.0720 4548 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 15:37:38.0720 4548 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 15:37:38.0767 4548 [ 
B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll 15:37:38.0860 4548 swprv - ok 15:37:38.0907 4548 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 15:37:38.0923 4548 Symc8xx - ok 15:37:38.0954 4548 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 15:37:38.0970 4548 Sym_hi - ok 15:37:39.0001 4548 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 15:37:39.0016 4548 Sym_u3 - ok 15:37:39.0063 4548 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll 15:37:39.0141 4548 SysMain - ok 15:37:39.0141 4548 szfeofbd - ok 15:37:39.0157 4548 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:37:39.0204 4548 TabletInputService - ok 15:37:39.0266 4548 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll 15:37:39.0313 4548 TapiSrv - ok 15:37:39.0328 4548 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 15:37:39.0375 4548 TBS - ok 15:37:39.0438 4548 [ 6216A954ED7045B62880A92D6C9B9FC7 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:37:39.0484 4548 Tcpip - ok 15:37:39.0516 4548 [ 6216A954ED7045B62880A92D6C9B9FC7 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 15:37:39.0562 4548 Tcpip6 - ok 15:37:39.0594 4548 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:37:39.0625 4548 tcpipreg - ok 15:37:39.0656 4548 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:37:39.0703 4548 TDPIPE - ok 15:37:39.0734 4548 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:37:39.0765 4548 TDTCP - ok 15:37:39.0796 4548 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:37:39.0828 4548 tdx - ok 15:37:39.0874 4548 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 15:37:39.0890 4548 TermDD - ok 15:37:39.0921 4548 
[ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll 15:37:40.0030 4548 TermService - ok 15:37:40.0062 4548 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll 15:37:40.0077 4548 Themes - ok 15:37:40.0108 4548 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 15:37:40.0140 4548 THREADORDER - ok 15:37:40.0171 4548 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 15:37:40.0249 4548 TrkWks - ok 15:37:40.0296 4548 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:37:40.0342 4548 TrustedInstaller - ok 15:37:40.0374 4548 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:37:40.0436 4548 tssecsrv - ok 15:37:40.0498 4548 [ 195664ACFB0DD5A296672E0A7B20F380 ] TuneUp.Defrag C:\Windows\System32\TuneUpDefragService.exe 15:37:40.0530 4548 TuneUp.Defrag - ok 15:37:40.0576 4548 [ F21C3B0BD8CF9509CBB333001BC6C24D ] TuneUp.ProgramStatisticsSvc C:\Windows\System32\TUProgSt.exe 15:37:40.0623 4548 TuneUp.ProgramStatisticsSvc - ok 15:37:40.0670 4548 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 15:37:40.0686 4548 tunmp - ok 15:37:40.0701 4548 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:37:40.0717 4548 tunnel - ok 15:37:40.0748 4548 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:37:40.0764 4548 uagp35 - ok 15:37:40.0795 4548 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 15:37:40.0810 4548 UBHelper - ok 15:37:40.0842 4548 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:37:40.0888 4548 udfs - ok 15:37:40.0904 4548 uepbqtfa - ok 15:37:40.0951 4548 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:37:40.0998 4548 UI0Detect - ok 15:37:41.0013 4548 ujaqhsqy - ok 15:37:41.0044 4548 [ 
B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:37:41.0076 4548 uliagpkx - ok 15:37:41.0185 4548 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 15:37:41.0200 4548 uliahci - ok 15:37:41.0247 4548 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 15:37:41.0263 4548 UlSata - ok 15:37:41.0294 4548 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 15:37:41.0325 4548 ulsata2 - ok 15:37:41.0356 4548 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:37:41.0403 4548 umbus - ok 15:37:41.0450 4548 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 15:37:41.0497 4548 upnphost - ok 15:37:41.0544 4548 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:37:41.0590 4548 usbccgp - ok 15:37:41.0606 4548 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:37:41.0685 4548 usbcir - ok 15:37:41.0716 4548 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:37:41.0763 4548 usbehci - ok 15:37:41.0794 4548 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:37:41.0841 4548 usbhub - ok 15:37:41.0872 4548 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 15:37:41.0950 4548 usbohci - ok 15:37:41.0981 4548 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:37:42.0028 4548 usbprint - ok 15:37:42.0044 4548 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:37:42.0106 4548 USBSTOR - ok 15:37:42.0153 4548 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 15:37:42.0184 4548 usbuhci - ok 15:37:42.0215 4548 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 15:37:42.0262 4548 
usbvideo - ok 15:37:42.0293 4548 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll 15:37:42.0371 4548 UxSms - ok 15:37:42.0418 4548 [ A98E8E3CF1E8375B7E13596DE52F558C ] UxTuneUp C:\Windows\System32\uxtuneup.dll 15:37:42.0434 4548 UxTuneUp - ok 15:37:42.0465 4548 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe 15:37:42.0543 4548 vds - ok 15:37:42.0559 4548 vewtcbpb - ok 15:37:42.0605 4548 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:37:42.0637 4548 vga - ok 15:37:42.0652 4548 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 15:37:42.0699 4548 VgaSave - ok 15:37:42.0699 4548 vhmlfgnv - ok 15:37:42.0730 4548 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 15:37:42.0746 4548 viaagp - ok 15:37:42.0777 4548 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 15:37:42.0824 4548 ViaC7 - ok 15:37:42.0871 4548 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 15:37:42.0886 4548 viaide - ok 15:37:42.0886 4548 vildfska - ok 15:37:42.0902 4548 vlqoefga - ok 15:37:42.0917 4548 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:37:42.0933 4548 volmgr - ok 15:37:42.0964 4548 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:37:42.0995 4548 volmgrx - ok 15:37:43.0011 4548 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:37:43.0027 4548 volsnap - ok 15:37:43.0058 4548 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:37:43.0073 4548 vsmraid - ok 15:37:43.0136 4548 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe 15:37:43.0261 4548 VSS - ok 15:37:43.0307 4548 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll 15:37:43.0370 4548 W32Time - ok 15:37:43.0417 4548 [ 
48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:37:43.0495 4548 WacomPen - ok 15:37:43.0526 4548 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 15:37:43.0573 4548 Wanarp - ok 15:37:43.0573 4548 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:37:43.0604 4548 Wanarpv6 - ok 15:37:43.0651 4548 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:37:43.0682 4548 wcncsvc - ok 15:37:43.0697 4548 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:37:43.0775 4548 WcsPlugInService - ok 15:37:43.0822 4548 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 15:37:43.0838 4548 Wd - ok 15:37:43.0869 4548 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:37:43.0900 4548 Wdf01000 - ok 15:37:43.0931 4548 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:37:44.0025 4548 WdiServiceHost - ok 15:37:44.0025 4548 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:37:44.0072 4548 WdiSystemHost - ok 15:37:44.0072 4548 wduvamgn - ok 15:37:44.0119 4548 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll 15:37:44.0165 4548 WebClient - ok 15:37:44.0212 4548 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:37:44.0243 4548 Wecsvc - ok 15:37:44.0259 4548 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:37:44.0306 4548 wercplsupport - ok 15:37:44.0353 4548 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll 15:37:44.0399 4548 WerSvc - ok 15:37:44.0415 4548 wgriqhda - ok 15:37:44.0415 4548 whqdilhl - ok 15:37:44.0446 4548 wikoztsj - ok 15:37:44.0509 4548 [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 15:37:44.0602 4548 winachsf 
- ok 15:37:44.0649 4548 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 15:37:44.0665 4548 WinDefend - ok 15:37:44.0680 4548 WinHttpAutoProxySvc - ok 15:37:44.0727 4548 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:37:44.0774 4548 Winmgmt - ok 15:37:44.0852 4548 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 15:37:44.0914 4548 WinRM - ok 15:37:44.0977 4548 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll 15:37:45.0101 4548 Wlansvc - ok 15:37:45.0133 4548 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 15:37:45.0164 4548 WmiAcpi - ok 15:37:45.0242 4548 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:37:45.0304 4548 wmiApSrv - ok 15:37:45.0382 4548 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 15:37:45.0445 4548 WMPNetworkSvc - ok 15:37:45.0507 4548 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:37:45.0538 4548 WPCSvc - ok 15:37:45.0554 4548 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:37:45.0601 4548 WPDBusEnum - ok 15:37:45.0616 4548 wpddpvvm - ok 15:37:45.0679 4548 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 15:37:45.0710 4548 WpdUsb - ok 15:37:45.0803 4548 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 15:37:45.0866 4548 WPFFontCache_v0400 - ok 15:37:45.0866 4548 wpmqlqgd - ok 15:37:45.0897 4548 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:37:45.0928 4548 ws2ifsl - ok 15:37:45.0959 4548 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll 15:37:45.0991 4548 wscsvc - ok 15:37:45.0991 4548 WSearch - ok 15:37:46.0084 4548 [ 
6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
15:37:46.0225 4548 wuauserv - ok
15:37:46.0318 4548 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:37:46.0365 4548 WUDFRd - ok
15:37:46.0396 4548 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:37:46.0443 4548 wudfsvc - ok
15:37:46.0459 4548 xvysrriv - ok
15:37:46.0474 4548 ycqhnloq - ok
15:37:46.0474 4548 zhhohjdn - ok
15:37:46.0505 4548 zpnnlqgu - ok
15:37:46.0505 4548 ================ Scan global ===============================
15:37:46.0537 4548 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:37:46.0583 4548 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
15:37:46.0615 4548 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
15:37:46.0661 4548 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
15:37:46.0677 4548 [Global] - ok
15:37:46.0677 4548 ================ Scan MBR ==================================
15:37:46.0693 4548 [ EF9CDC51B437D322D54016B68F003416 ] \Device\Harddisk0\DR0
15:37:51.0170 4548 \Device\Harddisk0\DR0 - ok
15:37:51.0310 4548 ================ Scan VBR ==================================
15:37:51.0310 4548 [ 2BA19E89FC27223F78C3776947104B88 ] \Device\Harddisk0\DR0\Partition1
15:37:51.0310 4548 \Device\Harddisk0\DR0\Partition1 - ok
15:37:51.0341 4548 ============================================================
15:37:51.0341 4548 Scan finished
15:37:51.0341 4548 ============================================================
15:37:51.0373 5388 Detected object count: 6
15:37:51.0373 5388 Actual detected object count: 6
15:38:20.0358 5388 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0358 5388 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:38:20.0374 5388 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0374 5388 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:38:20.0374 5388 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0374 5388 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:38:20.0374 5388 Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0374 5388 Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:38:20.0374 5388 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0374 5388 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:38:20.0390 5388 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0390 5388 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip |
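The TDSSKiller log above is long and flattened, and the parts a responder actually needs are buried in it: which objects received a verdict, what the user chose to do with them at the end of the scan, and which service entries were listed without any image file. The following parser is an added example for this thread; it is not part of the forum post and not code from Kaspersky. It recognises the line shapes TDSSKiller writes (a `[ MD5 ] name path` line, then a `name - status` line, with an optional `( verdict )`), and builds one record per object. `SAMPLE_LOG` is a constructed excerpt of lines quoted from the log in this thread, and the "eight lowercase letters looks random" ordering in `unbacked_services` is this example's own heuristic, not anything TDSSKiller reports:

```python
"""Triage a Kaspersky TDSSKiller text log (added example, not Kaspersky code)."""
import re
from collections import OrderedDict
from dataclasses import dataclass
from typing import Dict, List, Optional

# "<time> <pid> [ <MD5> ] <name> <image path>"; the global/MBR/VBR scans omit <name>
FILE_LINE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+\[\s*([0-9A-Fa-f]{32})\s*\]\s+"
    r"(?:(.+?)\s+)?((?:[A-Za-z]:\\|\\Device\\).*)$"
)
# "<time> <pid> <name> [( <verdict> )] - <status>"
STATUS_LINE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.+?)(?:\s+\(\s*(.+?)\s*\))?\s+-\s+(.+)$"
)
RANDOM_NAME = re.compile(r"^[a-z]{8}$")  # this example's own review heuristic


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None   # last "- ..." text seen for this object
    verdict: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic
    action: Optional[str] = None   # the user's choice at the end of the scan


def parse_log(text: str) -> "OrderedDict[str, Entry]":
    entries: "OrderedDict[str, Entry]" = OrderedDict()
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            _, _, md5, name, path = m.groups()
            key = name or path            # global-scan and MBR lines carry no name
            e = entries.setdefault(key, Entry(key))
            e.md5, e.path = md5.upper(), path
            continue
        m = STATUS_LINE.match(line)
        if not m:
            continue                      # banners, "Scan finished", counters
        _, _, name, verdict, status = m.groups()
        e = entries.setdefault(name, Entry(name))
        e.status = status
        if verdict:
            e.verdict = verdict
        d = re.match(r"detected\s+(\S+)", status)
        if d:
            e.verdict = d.group(1)
        a = re.match(r"User select action:\s*(.+)", status)
        if a:
            e.action = a.group(1).strip()
    return entries


def flagged(entries) -> List[Entry]:
    """Everything TDSSKiller attached a verdict to, in log order."""
    return [e for e in entries.values() if e.verdict]


def unbacked_services(entries) -> List[Entry]:
    """Entries listed with neither hash nor image path. Legitimate services land
    here too (WinHttpAutoProxySvc, WSearch, ...), so this is a review list, not
    a verdict; random-looking names are merely sorted to the top."""
    out = [e for e in entries.values()
           if e.md5 is None and e.path is None
           and not e.name.startswith(("[", "\\"))]
    return sorted(out, key=lambda e: (not RANDOM_NAME.match(e.name), e.name))


def summarize(entries) -> Dict[str, object]:
    return {
        "flagged": {e.name: (e.verdict, e.action) for e in flagged(entries)},
        "unbacked": [e.name for e in unbacked_services(entries)],
    }


# Constructed sample: a few lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
15:37:26.0332 4548 loctzsie - ok
15:37:26.0347 4548 lpptswil - ok
15:37:29.0702 4548 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
15:37:29.0733 4548 Netlogon - ok
15:37:30.0061 4548 [ 450D0D2062C54DDA23583A78C0EB63D9 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
15:37:30.0061 4548 Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
15:37:30.0061 4548 Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
15:37:38.0673 4548 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:37:38.0720 4548 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:37:38.0720 4548 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:37:44.0680 4548 WinHttpAutoProxySvc - ok
15:37:46.0505 4548 ================ Scan global ===============================
15:37:46.0537 4548 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:37:46.0677 4548 [Global] - ok
15:37:46.0693 4548 [ EF9CDC51B437D322D54016B68F003416 ] \Device\Harddisk0\DR0
15:37:51.0170 4548 \Device\Harddisk0\DR0 - ok
15:37:51.0341 4548 Scan finished
15:38:20.0358 5388 Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0358 5388 Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:38:20.0390 5388 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0390 5388 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    import json
    print(json.dumps(summarize(parse_log(SAMPLE_LOG)), indent=2))
```

Run it against a saved TDSSKiller log by replacing `SAMPLE_LOG` with the file contents. Note that `UnsignedFile.Multi.Generic` only says the image is not Authenticode-signed; in this thread all six such hits were skipped by the user, and the MBR and VBR hashes came back clean, so the parser output for the full log would be two lists to review by hand rather than a verdict.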
04.07.2013, 15:08 | #14 |
/// Malware-holic | Trojan horse "zeus2" on my computer Hi, scan with Combofix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us |
04.07.2013, 15:34 | #15 |
| Trojan horse "zeus2" on my computer Combofix logfile: Code:
ATTFilter ComboFix 13-07-04.01 - Hanna 04.07.2013 16:19:01.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3001.1241 [GMT 2:00] ausgeführt von:: c:\users\Hanna\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\0tbpw.pad c:\users\Hanna\AppData\Roaming\14001.004 c:\users\Hanna\AppData\Roaming\14001.004\chrome.manifest c:\users\Hanna\AppData\Roaming\14001.004\components\AcroFF.txt c:\users\Hanna\AppData\Roaming\14001.004\install.rdf c:\users\Hanna\AppData\Roaming\14001.005 c:\users\Hanna\AppData\Roaming\14001.005\chrome.manifest c:\users\Hanna\AppData\Roaming\14001.005\components\AcroFF.txt c:\users\Hanna\AppData\Roaming\14001.005\install.rdf c:\users\Hanna\AppData\Roaming\14001.006 c:\users\Hanna\AppData\Roaming\14001.006\chrome.manifest c:\users\Hanna\AppData\Roaming\14001.006\components\AcroFF.txt c:\users\Hanna\AppData\Roaming\14001.006\install.rdf c:\users\Hanna\AppData\Roaming\14001.008 c:\users\Hanna\AppData\Roaming\14001.008\chrome.manifest c:\users\Hanna\AppData\Roaming\14001.008\components\AcroFF.txt c:\users\Hanna\AppData\Roaming\14001.008\install.rdf c:\users\Hanna\AppData\Roaming\14001.009 c:\users\Hanna\AppData\Roaming\14001.009\chrome.manifest c:\users\Hanna\AppData\Roaming\14001.009\components\AcroFF.txt c:\users\Hanna\AppData\Roaming\14001.009\install.rdf c:\users\Hanna\AppData\Roaming\14001.010 c:\users\Hanna\AppData\Roaming\14001.010\chrome.manifest c:\users\Hanna\AppData\Roaming\14001.010\components\AcroFF.txt c:\users\Hanna\AppData\Roaming\14001.010\install.rdf c:\users\Hanna\AppData\Roaming\14001.011 c:\users\Hanna\AppData\Roaming\14001.011\chrome.manifest 
c:\users\Hanna\AppData\Roaming\14001.011\components\AcroFF.txt c:\users\Hanna\AppData\Roaming\14001.011\install.rdf c:\users\Hanna\AppData\Roaming\14001.012 c:\users\Hanna\AppData\Roaming\14001.012\chrome.manifest c:\users\Hanna\AppData\Roaming\14001.012\components\AcroFF.txt c:\users\Hanna\AppData\Roaming\14001.012\install.rdf c:\users\Hanna\AppData\Roaming\14001.016 c:\users\Hanna\AppData\Roaming\14001.016\chrome.manifest c:\users\Hanna\AppData\Roaming\14001.016\components\AcroFF.txt c:\users\Hanna\AppData\Roaming\14001.016\install.rdf c:\users\Hanna\AppData\Roaming\14001.017 c:\users\Hanna\AppData\Roaming\14001.017\chrome.manifest c:\users\Hanna\AppData\Roaming\14001.017\components\AcroFF.txt c:\users\Hanna\AppData\Roaming\14001.017\install.rdf c:\users\Hanna\AppData\Roaming\14001.018 c:\users\Hanna\AppData\Roaming\14001.018\chrome.manifest c:\users\Hanna\AppData\Roaming\14001.018\components\AcroFF.txt c:\users\Hanna\AppData\Roaming\14001.018\install.rdf c:\users\Hanna\AppData\Roaming\14001.019 c:\users\Hanna\AppData\Roaming\14001.019\chrome.manifest c:\users\Hanna\AppData\Roaming\14001.019\components\AcroFF.txt c:\users\Hanna\AppData\Roaming\14001.019\components\AcroFF019.dll c:\users\Hanna\AppData\Roaming\14001.019\install.rdf c:\users\Hanna\AppData\Roaming\AcroIEHelpe.txt c:\users\Hanna\AppData\Roaming\i9p06hy1.default.tmp c:\users\Hanna\AppData\Roaming\Qaifu\soidl.exe c:\users\Hanna\AppData\Roaming\srvblck5.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-04 bis 2013-07-04 )))))))))))))))))))))))))))))) . . 2013-07-04 14:28 . 2013-07-04 14:28 -------- d-----w- c:\users\Gast\AppData\Local\temp 2013-07-04 14:28 . 2013-07-04 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-04 12:58 . 2013-07-04 12:58 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DD092A5-6812-4506-9248-127974941C9B}\MpKsl923e2562.sys 2013-07-04 12:47 . 2013-07-04 12:54 -------- dc----w- C:\_OTL 2013-07-04 11:04 . 
2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DD092A5-6812-4506-9248-127974941C9B}\mpengine.dll 2013-07-02 21:51 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-27 07:56 . 2013-07-01 18:57 -------- d-----w- c:\program files\Mozilla Thunderbird 2013-06-21 08:50 . 2013-06-21 08:46 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94E0AFD7-D92C-462B-8B3A-748C25C1395D}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-12 11:25 . 2013-04-14 14:13 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-12 11:25 . 2011-08-18 18:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-26 10:30 . 2011-04-01 14:18 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-05-02 15:28 . 2009-10-11 18:23 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-02-16 00:34 . 2012-02-11 08:48 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] . [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] 2009-11-09 17:38 2331672 -c--a-w- c:\program files\DVDVideoSoft\tbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] . 
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] . [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Hanna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Hanna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Hanna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-18 68856] "FilterHost"="c:\users\Hanna\AppData\Roaming\mmserver\FilterHost.exe" [2010-01-18 827392] "SearchEngineProtection"="c:\program files\Gamesbar\SearchEngineProtection.exe" [2010-07-05 544768] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744] "RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6244896] "WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-05-09 49152] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-06 1848648] "AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-12-12 163000] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . 
c:\users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe /Autostart [2010-3-22 1540096] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 67016256 *NewlyCreated* - MPKSL923E2562 *Deregistered* - 67016256 *Deregistered* - ugloipog . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2013-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-14 11:25] . 2013-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 21:49] . 2013-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 21:49] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=e720 uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{C5DE2AF7-7FDA-4FA8-87BF-290CD98962D2}: NameServer = 208.67.222.222,208.67.220.220 FF - ProfilePath - c:\users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\i9p06hy1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?rls=ig FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file) URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) HKCU-Run-NvCplDaemonTool - c:\users\Hanna\floadu1C.dll HKCU-Run-{0C6A3A70-0304-0E2A-A1CE-9AA25A0A27EE} - c:\users\Hanna\AppData\Roaming\Qaifu\soidl.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-07-04 16:28 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . 
Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . c:\users\Hanna\AppData\Local\Temp\catchme.dll 53248 bytes executable . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . Zeit der Fertigstellung: 2013-07-04 16:31:12 ComboFix-quarantined-files.txt 2013-07-04 14:31 . Vor Suchlauf: 11 Verzeichnis(se), 211.392.888.832 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 211.360.600.064 Bytes frei . - - End Of File - - 00CCBA36B1CE9CE7DFE942B7DA9CFB6E EF9CDC51B437D322D54016B68F003416 |