| |
| |||||||
Log-Analyse und Auswertung: security essentials meldet MalewareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.07.2013, 12:08
| #1 | |
 |  security essentials meldet Maleware Hallo Forumuser, Ich hatte heut vom security essentials vermutlich nur eine Fehlmeldung. Möchte dennoch auf Nummer Sicher gehen und euch um Hilfe bitten. Die Fehlermeldung kam aus dem Ordner C:\Program Files (x86)\LyricsWoofer Ich habe keine Ahnung was das für ein Ordner ist und wofür der gut ist. Es könnte sein das dies zum CAD Programm vectorworks gehört bin mir aber nicht sicher. Anbei die geforderten Log fils aus eurem Hilfsthread: Zitat:
Code:
ATTFilter OTL logfile created on: 08.07.2013 12:58:07 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXXXXXX\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16618) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,98 Gb Total Physical Memory | 3,41 Gb Available Physical Memory | 57,07% Memory free 11,96 Gb Paging File | 9,29 Gb Available in Paging File | 77,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,66 Gb Total Space | 337,30 Gb Free Space | 74,85% Space Free | Partition Type: NTFS Computer Name: ANNEGRET-PC | User Name: Annegret | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.08 10:40:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXXXXXX\Desktop\OTL.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010.12.09 07:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.10.06 06:08:48 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.06 06:08:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2010.10.28 04:38:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.06.11 21:08:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.03.26 20:20:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.12.09 07:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.10.29 20:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.10.08 03:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2010.10.06 06:08:48 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.06 06:08:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.12 16:53:47 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.02.12 16:53:47 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.10.28 05:11:46 | 007,877,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.28 04:03:40 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.08 03:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.09.30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.09.27 09:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.07.20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.05.11 12:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.05.05 23:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3209409606-3173325914-3703126598-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-3209409606-3173325914-3703126598-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKU\S-1-5-21-3209409606-3173325914-3703126598-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3209409606-3173325914-3703126598-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: langpack-de%40firefox.mozilla.org:18.0.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.11 16:58:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.01 07:55:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.05 20:47:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.08 09:40:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Components: C:\Program Files\\Waterfox\components [2013.07.08 09:53:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Plugins: C:\Program Files\\Waterfox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.11 16:58:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lwoofer@lyricswoofer.co: C:\Program Files (x86)\LyricsWoofer\116.xpi [2013.07.08 05:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\Extensions [2013.07.08 09:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\02u9231j.default\extensions [2013.07.08 06:22:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\s18df7te.default\extensions [2013.07.08 09:56:23 | 000,300,446 | ---- | M] () (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\firefox\profiles\02u9231j.default\extensions\langpack-de@firefox.mozilla.org.xpi [2013.07.08 09:59:46 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\firefox\profiles\02u9231j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.07.08 06:17:25 | 000,300,446 | ---- | M] () (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\firefox\profiles\s18df7te.default\extensions\langpack-de@firefox.mozilla.org.xpi [2013.07.08 06:22:06 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\firefox\profiles\s18df7te.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.07.05 20:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.05 20:47:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.03.17 21:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (LyricsWoofer) - {73F8F433-14C8-48AA-8412-54BC6F8D3FA3} - C:\Program Files (x86)\LyricsWoofer\116.dll (Lyrics Woofer LTD) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3209409606-3173325914-3703126598-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5B69A84-AB52-4A15-B29E-FDA71F5106C3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D93B8F14-7F94-442C-B8B0-BC451B2668DA}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{031f7543-1a82-11e2-8241-ec55f98b85f2}\Shell - "" = AutoRun O33 - MountPoints2\{031f7543-1a82-11e2-8241-ec55f98b85f2}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{b866c25d-874a-11e2-b7a8-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b866c25d-874a-11e2-b7a8-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\index.html O33 - MountPoints2\{f605926b-95be-11e0-aba6-ec55f98b85f2}\Shell - "" = AutoRun O33 - MountPoints2\{f605926b-95be-11e0-aba6-ec55f98b85f2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.08 10:40:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXXXXXX\Desktop\OTL.exe [2013.07.08 05:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Waterfox [2013.07.08 05:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox [2013.07.08 05:35:19 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXX\AppData\Roaming\Waterfox Limited [2013.07.08 04:22:14 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXX\AppData\Local\Programs [2013.07.08 03:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging [2013.07.08 03:54:32 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXX\AppData\Roaming\Bitdefender [2013.07.08 03:52:28 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXX\AppData\Roaming\QuickScan [2013.07.08 03:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender [2013.07.08 03:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender [2013.07.08 03:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2013.07.08 03:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender [2013.07.04 20:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.07.04 20:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.07.04 20:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.07.04 20:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013.07.04 20:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013.07.04 17:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.07.02 16:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsWoofer ========== Files - Modified Within 30 Days ========== [2013.07.08 12:08:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.08 11:29:10 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXXX\defogger_reenable [2013.07.08 11:28:31 | 000,050,477 | ---- | M] () -- C:\Users\XXXXXXX\Desktop\Defogger.exe [2013.07.08 11:19:02 | 000,377,856 | ---- | M] () -- C:\Users\XXXXXXX\Desktop\gmer_2.1.19163.exe [2013.07.08 10:40:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXXXXXX\Desktop\OTL.exe [2013.07.08 09:53:47 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Waterfox.lnk [2013.07.08 09:50:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.08 09:50:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.08 09:49:54 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.07.08 09:47:48 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.08 09:47:48 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.08 09:47:48 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.08 09:47:48 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.08 09:47:48 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.08 09:42:36 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\LyricsWoofer Update.job [2013.07.08 09:41:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.08 09:41:19 | 522,604,543 | -HS- | M] () -- C:\hiberfil.sys [2013.07.08 04:09:11 | 000,597,242 | ---- | M] () -- C:\ProgramData\1373248220.bdinstall.bin [2013.07.08 03:59:47 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01 [2013.07.08 03:59:47 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr [2013.07.08 03:59:47 | 000,000,684 | -H-- | M] () -- C:\bdr-cf01 [2013.07.07 13:21:28 | 000,000,287 | ---- | M] () -- C:\Users\XXXXXXX\AppData\Local\VersionChecker_16.xml [2013.07.04 20:57:13 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.06.27 11:42:50 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.27 11:42:50 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf ========== Files Created - No Company Name ========== [2013.07.08 11:29:10 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXXX\defogger_reenable [2013.07.08 11:28:30 | 000,050,477 | ---- | C] () -- C:\Users\XXXXXXX\Desktop\Defogger.exe [2013.07.08 11:19:01 | 000,377,856 | ---- | C] () -- C:\Users\XXXXXXX\Desktop\gmer_2.1.19163.exe [2013.07.08 09:53:47 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Waterfox.lnk [2013.07.08 04:09:11 | 000,597,242 | ---- | C] () -- C:\ProgramData\1373248220.bdinstall.bin [2013.07.08 03:59:47 | 000,000,684 | -H-- | C] () -- C:\bdr-cf01 [2013.07.08 03:54:29 | 002,510,608 | -H-- | C] () -- C:\bdr-bz01 [2013.07.08 03:54:29 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr [2013.07.08 03:54:28 | 037,133,532 | -H-- | C] () -- C:\bdr-im01.gz [2013.07.08 03:54:28 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01 [2013.07.04 20:57:13 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2013.07.04 20:27:38 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013.07.02 16:11:47 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\LyricsWoofer Update.job [2013.06.27 11:42:50 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.27 11:42:50 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.29 16:57:20 | 000,010,866 | ---- | C] () -- C:\Users\XXXXXXX\muffe.JPG [2012.05.01 21:59:08 | 000,004,608 | ---- | C] () -- C:\Users\XXXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.21 16:41:34 | 000,145,836 | ---- | C] () -- C:\Users\XXXXXXX\Niedziela Heidi Bewerbung als kaufmännische Mitarbeiterin.pdf [2012.01.07 14:01:15 | 000,000,126 | ---- | C] () -- C:\Windows\SHISETUP.SYS [2011.12.14 13:16:08 | 000,182,912 | ---- | C] () -- C:\Windows\hpoins38.dat [2011.12.14 13:16:08 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat [2011.09.11 14:24:23 | 000,000,287 | ---- | C] () -- C:\Users\XXXXXXX\AppData\Local\VersionChecker_16.xml [2011.09.07 02:52:31 | 000,000,701 | ---- | C] () -- C:\Users\XXXXXXX\XXXXXXX - Verknüpfung.lnk [2011.08.23 19:59:19 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.08.06 17:12:35 | 000,000,359 | ---- | C] () -- C:\Users\XXXXXXX\AppData\Roaming\Gangsters2Setup.lnk [2011.06.18 22:47:31 | 000,015,389 | ---- | C] () -- C:\Users\XXXXXXX\Ummeldung in die Ambulante Pflege.odt [2011.06.18 20:44:31 | 000,014,109 | ---- | C] () -- C:\Users\XXXXXXX\Freistellung nach PflegeZG.odt [2011.06.11 16:49:09 | 000,002,586 | ---- | C] () -- C:\Users\XXXXXXX\animierte-auto-bilder-110.gif [2010.12.10 21:09:56 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.07.08 03:54:32 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Bitdefender [2012.04.16 14:13:38 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Canneverbe Limited [2013.03.07 13:43:35 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\DesktopIconForAmazon [2011.11.06 19:54:11 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\DVDVideoSoft [2011.08.05 17:07:37 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.04 10:28:39 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\eu.computerworks.vectorworks.2011.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1 [2013.04.29 22:18:07 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\ICQ [2013.07.08 09:40:13 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\IrfanView [2013.05.28 14:26:53 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Kalypso Media [2012.09.08 18:28:35 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Lexware [2012.02.04 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\MAXON [2011.09.11 14:23:20 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Nemetschek [2011.09.27 20:31:58 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\OCS [2011.06.11 17:03:11 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\OpenOffice.org [2011.09.27 20:32:01 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Opera [2013.07.08 03:52:28 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\QuickScan [2012.05.17 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\runic games [2013.03.22 18:27:04 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\SQL Anywhere 12 [2013.07.08 05:35:19 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Waterfox Limited ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728 < End of report > [/color] ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728 < End of report > |
|
08.07.2013, 12:10
| #2 |
| /// Malware-holic   | security essentials meldet Maleware Hi, und die Meldung sollen wir erraen? poste sie bitte mal
__________________
__________________ |
|
08.07.2013, 12:12
| #3 |
| | security essentials meldet Maleware OLE Extras Log:
__________________Code:
ATTFilter OTL Extras logfile created on: 08.07.2013 12:24:10 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Annegret\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,98 Gb Total Physical Memory | 3,89 Gb Available Physical Memory | 65,11% Memory free
11,96 Gb Paging File | 9,81 Gb Available in Paging File | 82,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,66 Gb Total Space | 337,31 Gb Free Space | 74,85% Space Free | Partition Type: NTFS
Computer Name: XXXXXX-PC | User Name: XYXXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3209409606-3173325914-3703126598-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Waterfox\waterfox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E1B62F-3547-4CAC-8E31-D5BC962EB129}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{211D8C8D-51D0-488B-BEFB-04EDD2C63912}" = rport=10243 | protocol=6 | dir=out | app=system |
"{278F7C03-D7B3-465A-92F7-F6CA6AEE8499}" = lport=139 | protocol=6 | dir=in | app=system |
"{2CF7BF09-6126-4345-8D1B-E1AA55A8F0A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E51154C-5B08-48E5-AD8C-6C857562F42B}" = rport=138 | protocol=17 | dir=out | app=system |
"{51FC27D0-AFDB-471B-9AD6-CB1CF2F2641C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{54A0DFF3-1E2E-460A-AD6A-E355FBD181CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76C2CD65-FE58-4ECF-845B-41C3843D675E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7DCAC1AE-502C-40FF-BCD3-5608DA47D87E}" = rport=139 | protocol=6 | dir=out | app=system |
"{88307942-38FE-4C1B-8E4B-96F90C825313}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{920D45B3-CC1C-4DD8-8252-B338C2C10F93}" = rport=137 | protocol=17 | dir=out | app=system |
"{93C46A24-0C9A-49FC-AB39-C0D658E53A90}" = lport=445 | protocol=6 | dir=in | app=system |
"{95FA6394-212C-42EE-886E-568A48BF9559}" = lport=2869 | protocol=6 | dir=in | app=system |
"{965407A4-6A81-40BF-9569-A494D571804E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC4C0A45-A5C5-42FE-BF8D-97F34547678A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9F7DB60-1B97-4BFB-996E-CD592E587A0D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CBB62D23-3F45-4029-9C05-4DD766602CFF}" = rport=445 | protocol=6 | dir=out | app=system |
"{DA81A951-06B1-45EB-B8C6-431271446B16}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) |
"{DB4ABC81-3B1D-4C96-B483-5CB2879DF764}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F55759A3-FAF2-4692-829F-3888FCA4A819}" = lport=138 | protocol=17 | dir=in | app=system |
"{F60CB3A5-D867-446B-9C0A-F56C34ED79F2}" = lport=137 | protocol=17 | dir=in | app=system |
"{FAF8AFB9-8210-4F51-9719-040298BA60E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FFE08880-DD1E-40E5-814E-FBBB61CBE705}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D7B287-5206-4FB2-909E-E2294CE859CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{0901176F-D3C1-4A8D-AA13-9821FF2FE3B0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0955647F-6B8C-493B-B3A5-2CF4D1D88758}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) |
"{12F25059-88A3-47EC-A273-C3B0C7CC005B}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) |
"{1C091253-00ED-492D-BD8B-83A4D2EE7D9C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{242E816C-036A-4CAA-93F9-5313D42073AD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2830CED2-C9BB-44BA-A014-F8177D3A3DBD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{2AFD6FA3-2EA5-4EC8-A280-834988CEF58D}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) |
"{2C0A0D96-469A-4986-8E3A-55B995F14973}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2CE024C8-CE76-46D9-8812-5A2EFD232DFB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{31CCF07E-2980-46EA-9F45-A02A68E8859E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{32BC5262-091D-41BA-853C-01A3B5C06426}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{37FB15B6-BB5F-4D4C-A329-7E4137FE328B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{3C19E63B-000C-4813-AE07-57FB0CD2F6FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D19EB1A-F7FC-4B28-B143-7AC0FCC4AF8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DA67057-9238-49AC-8FBE-3D9E31C7C18F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{42709CA2-5C3D-4183-8C97-32B7F71F242E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46574079-EC29-4105-8D3B-C0BB08B7C773}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) |
"{486FE960-C042-4F12-A749-D50BB8B7E19C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4FE07026-8D6E-46A0-B8D3-2F321CFB96A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{548DE6E6-9EF6-478A-B483-9A9E4E0BBBA7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5743479C-F211-42F5-9181-56EAFBAB5DB9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{5E04B880-4AFB-4A38-A98D-1ED1F0A3CD4B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{6DEA88ED-FBA9-48A9-BB61-F80E07623286}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{854A7D04-309C-477A-ACA2-1DA6E4E8486D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9AAADF0F-490A-4142-B3B5-4D6B259757C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{9ACE2827-B720-40CF-A56D-97D9A11F3AC1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B7BAA31-40FE-4F10-9FED-6407F6C08DB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C5C13E5-57DD-4018-A3E6-CEB8A69500BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A6131306-8AED-499D-BFF4-A3A6CC58AA93}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{A9E18337-153C-4531-A4F9-0983E9695B32}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{B48F1255-4FF7-46C7-8CF6-362AD2A3297C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{BA932289-9B36-4ED9-BD1C-3BE852A64C16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{BE2CCB76-6649-41F0-AA47-60362AD1DC8A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D19A3FDF-D874-4EE2-83B1-21FB7D78F327}" = protocol=6 | dir=out | app=system |
"{D91AC262-C5EB-47E4-BC05-AE6C048AB027}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D92AD730-1622-472D-A03B-5AAD40A5A9B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE9417B7-9704-45CD-9311-E8FAED57FA4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{E438A561-4169-4511-AED7-AEB9C99F053C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{1D3799D4-B338-4CB2-B9C5-D16B4C9D71A9}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe |
"TCP Query User{5602EAC6-2520-4C49-B064-6DCC28C25146}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe |
"TCP Query User{5A758742-7DEB-4DB3-B80B-8727E50AAC06}C:\corpora\s7\dbeng7.exe" = protocol=6 | dir=in | app=c:\corpora\s7\dbeng7.exe |
"TCP Query User{6BBB884C-B8F9-40ED-A9FF-5496CDD2B11E}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{86837351-8F88-4B50-AD39-6C929BFD6A36}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{E67809DD-B12E-40A6-BC08-06B12B73C856}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{EA55D4B6-0DD0-4C06-945A-7A4A3FBABDD1}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe |
"TCP Query User{F6443466-89DB-46C2-B870-5858557B68DA}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{11520128-A1F5-43B8-A2AB-BA65C92A93E5}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe |
"UDP Query User{1C651B5C-A83B-4F90-8C05-2B6340984B5F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{50A124F6-622B-4E01-BF1F-1FFCE050C9C9}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{54CB1E9E-2FDF-496D-8ED9-CB110834798E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{71BDFA21-F1DE-4D5C-B343-723324BF16A5}C:\corpora\s7\dbeng7.exe" = protocol=17 | dir=in | app=c:\corpora\s7\dbeng7.exe |
"UDP Query User{79FAF7E1-9DAA-4D82-93A4-58BF04F7DAF6}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe |
"UDP Query User{F19019BB-DF7E-4865-9B59-4FB5B94B5CBD}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{F537BF14-9753-4AD7-A859-E9436EE47A4C}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{982C480E-5BE0-2714-E584-83E88F8A31C3}" = ccc-utility64
"{A253A57F-4319-49B5-B405-64587FFBCFE2}" = HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E69F8CE0-7EA0-63A9-5A5B-D8FD9BDCC219}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD7DEB7B-8CEA-44E5-AB2D-7C66786C0563}" = Waterfox
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{05BA6FCD-1701-4AB9-8A1B-59008261695E}" = PS_AIO_06_B109a-m_SW_Min
"{063541C9-B4CA-CD49-080C-AEDE45067CEB}" = CCC Help Portuguese
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07580AC7-1B74-92E7-F405-9AD4019CA577}" = CCC Help Thai
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.6 Build #5618 Banner Remover 1.0
"{0F63FE0E-3279-7399-CAAB-E9B19A570F40}" = Vectorworks 2011 Hilfe
"{10AD2C1F-9825-F220-7870-CD7B946D367E}" = CCC Help Spanish
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23E26695-3815-012F-1CAF-C6C3564DBCBF}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29A4502B-1FA5-72E0-92F1-AC8F2EF16D51}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{320795BA-446B-C1F7-9560-CC171192DC21}" = CCC Help Turkish
"{334BEF1F-EE5B-295F-BED0-728F7F45328B}" = CCC Help Polish
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{47772E7F-6942-B7A3-1B31-74D30343064B}" = CCC Help Norwegian
"{485E3D4A-35FB-CED2-3CF5-FAD4CCFE46BD}" = CCC Help Hungarian
"{4A6D25EA-5390-CEE6-305E-F28B192C806C}" = CCC Help Finnish
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{557018DC-309C-5BCC-0587-B2D86BA20613}" = CCC Help Greek
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{60101C13-2C13-48FB-855D-33D9F3013133}" = B109a-m
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{704ED517-BB7F-7654-2185-627ACCB20179}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B284AC2-4756-6779-9274-FE20EE9216B7}" = Catalyst Control Center InstallProxy
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800BE8AA-C912-E42D-E97F-BA533A2C851F}" = CCC Help Korean
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.7.0
"{83429F57-1A80-EB5B-8E60-C215D025A18B}" = CCC Help Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B3119BF5-2502-B6A6-45AA-A1FE5D82FFD7}" = CCC Help Russian
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B4C7BC58-3914-9EF9-E2B9-52216DFE899D}" = Catalyst Control Center Graphics Previews Vista
"{B722FA60-A6EF-A3F5-DD4B-C826CDA16114}" = CCC Help Japanese
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC7BBA77-7C6F-115C-4B47-0E3EE2610C13}" = CCC Help German
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DBCCC93B-F646-EB40-4AB1-55D4BE0E5D30}" = CCC Help Dutch
"{DBD55196-4BE4-CAAC-1447-4AF6657EEAD6}" = CCC Help Czech
"{E1161FE3-E090-512B-BE20-AA276C2766CA}" = CCC Help Swedish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B8B8A6-BBD9-0B5F-1AA1-A95161C16247}" = CCC Help Chinese Traditional
"{E5F1F9B2-90C3-83E2-888F-2725AACA93BD}" = CCC Help French
"{E87C0C8B-82D6-7C51-B1A3-01EAF3314F7F}" = CCC Help English
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E90747-42A1-E42F-C104-48239458946A}" = CCC Help Chinese Standard
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012
"{FCDDB05A-1B35-453B-47B5-AD75809BBBF9}" = PX Profile Update
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Airline Tycoon - Deluxe" = Airline Tycoon - Deluxe
"AirlineTycoon2_is1" = Airline Tycoon 2 v1.01
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.computerworks.vectorworks.2011.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1" = Vectorworks 2011 Hilfe
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"lwoofer@lyricswoofer.co" = LyricsWoofer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 23.0 (x86 de)" = Mozilla Firefox 23.0 (x86 de)
"WEKA VOB_MUSTERBRIEFE UND _FORMULARE STAND 10_10" = WEKA VOB-Musterbriefe und -Formulare Stand 10.10
"Winamp" = Winamp
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3209409606-3173325914-3703126598-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.04.2013 11:24:40 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 25.04.2013 13:20:07 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 25.04.2013 14:06:11 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 28.04.2013 14:42:22 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 28.04.2013 17:20:44 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 02.05.2013 04:43:46 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 06.05.2013 09:37:05 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 07.05.2013 13:22:13 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 11.05.2013 14:09:25 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 13.05.2013 06:31:01 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 08.07.2013 03:18:35 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.07.2013 03:18:35 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.07.2013 03:18:35 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.07.2013 03:18:35 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.07.2013 03:18:35 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.07.2013 03:33:01 | Computer Name = XXXXXX-PC | Source = DCOM | ID = 10005
Description =
Error - 08.07.2013 03:41:42 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ccdglsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 08.07.2013 03:41:53 | Computer Name = XXXXXX-PC | Source = Microsoft Antimalware | ID = 2004
Description = Beim Laden der Signaturen wurde von %%860 ein Fehler festgestellt.
Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte
Signaturen: %%824 Fehlercode: 0x80070002 Fehlerbeschreibung: Das System kann die
angegebene Datei nicht finden. Signaturversion: 0.0.0.0;0.0.0.0 Modulversion: 0.0.0.0
Error - 08.07.2013 03:42:20 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 08.07.2013 03:42:20 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
< End of report >
Geändert von King pin (08.07.2013 um 12:28 Uhr) |
|
08.07.2013, 12:13
| #4 |
| /// Malware-holic | security essentials meldet Maleware ok, noch meine Frage beantworten bitte.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.07.2013, 12:20
| #5 |
| | security essentials meldet Maleware Moment hab das Log File noch gefunden Der erkannte schädling heist: Adware: Win32/AddLyrics Und befindet sich in C:\Program Files (x86)\LyricsWoofer\116.dll Hier noch das im Hilfsthread geforderte GMER Log: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-08 12:14:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-22HXZT1 rev.01.01A01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Annegret\AppData\Local\Temp\kxdoqkow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [404:1828] 000007fef97544e0
Thread C:\Windows\System32\svchost.exe [404:3388] 000007fefa4f88f8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [952:2932] 000007fefc002a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [952:2816] 000007fef349d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [952:2428] 000007fef349d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [952:2440] 000007fef9995124
---- EOF - GMER 2.1 ----
leider kann ich den PC nicht Formatieren da hier zu viele wichtige Datein drauf sind(Meisterprüfungsunterlagen, CAD Datein und ein CAD Programm (Vektorworks) welches sich nur 1 mal registriern lässt(Schülerversion) da ich bis heut Abend leider bei einem Geschäftstermin bin. Bitte nicht wundern wenn ich nicht gleich antworten kann. Ich hoffe aber die daten helfen euch weiter mir zu helfen.  Geändert von King pin (08.07.2013 um 12:25 Uhr) |
|
08.07.2013, 13:18
| #6 |
| /// Malware-holic | security essentials meldet Maleware Hi, eine solche aussage: "ich kann nicht formatieren, wegen wichtige Daten" lässt mich immer aufhorchen. 1. gibt es keine Backups, wenn nich frage ich mich immer, ob die Daten tatsächlich so wichtig sind, denn von wichtigen Dingen hat man doch kopieen! 2. poste mal bitte alle Malwarebytes Logs mit funden. http://www.trojaner-board.de/125889-...en-posten.html 3. da du sagst Geschäftstermin, ist das ein firmen PC, wenn ja, habt ihr ne IT Abteilung?
__________________ --> security essentials meldet Maleware |
|
08.07.2013, 19:13
| #7 |
| | security essentials meldet Maleware Nein ist kein IT- PC, es handelte sich um ein Termin mit einem Lieferranten für Furnierhölzer. Ich mache grad meinen tischlermeister. Und! Nartürlich gibt es Backups aber dieses LyricsWoofer ist da auch schon drauf ca 1 viertel jahr zurück... ich hab jetzt alle wichtigen CAD datein und die ganzen Kalkulationen des Stückes auf nem USB gespeichert. frage mich aber ob es Sinn macht mein laufendes System zu formatieren. Bin eigentlich ziehmlich vorsichtig mit installieren von irgendwelchen programmen darum frag ich ob das überhaupt eine Schadsoftware ist. MBan reagiert seit heute nicht mehr(Seit dem Fund) versuch es grad gewaltsam vom system zu löschen und neu zu installieren. Kann ein fehler von Mban sein da ich es lang nicht benutzt habe (Aktualisierungsfehler) oder eben wegen dem Fund sein.... Ich melde mich sobald ich den Log habe vom Scan |
|
08.07.2013, 19:17
| #8 |
| /// Malware-holic | security essentials meldet Maleware ok lass das mit der Deinstalation erst mal. es wird bittte nich selbst irgendwas gelöscht. zumindest nicht während der Reinigung, über Probleme kannst du natürlich gern berichten. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.07.2013, 19:28
| #9 |
| | security essentials meldet Maleware hab nix gelöscht, kann nur mBan nicht ausführen. hier das Log: Code:
ATTFilter 20:22:06.0965 4032 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:22:07.0293 4032 ============================================================
20:22:07.0293 4032 Current date / time: 2013/07/08 20:22:07.0293
20:22:07.0293 4032 SystemInfo:
20:22:07.0293 4032
20:22:07.0293 4032 OS Version: 6.1.7601 ServicePack: 1.0
20:22:07.0293 4032 Product type: Workstation
20:22:07.0293 4032 ComputerName: ANNEGRET-PC
20:22:07.0293 4032 UserName: Annegret
20:22:07.0293 4032 Windows directory: C:\Windows
20:22:07.0293 4032 System windows directory: C:\Windows
20:22:07.0293 4032 Running under WOW64
20:22:07.0293 4032 Processor architecture: Intel x64
20:22:07.0293 4032 Number of processors: 4
20:22:07.0293 4032 Page size: 0x1000
20:22:07.0293 4032 Boot type: Normal boot
20:22:07.0293 4032 ============================================================
20:22:09.0180 4032 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:22:09.0180 4032 ============================================================
20:22:09.0180 4032 \Device\Harddisk0\DR0:
20:22:09.0180 4032 MBR partitions:
20:22:09.0180 4032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
20:22:09.0180 4032 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x38553000
20:22:09.0180 4032 ============================================================
20:22:09.0212 4032 C: <-> \Device\Harddisk0\DR0\Partition2
20:22:09.0212 4032 ============================================================
20:22:09.0212 4032 Initialize success
20:22:09.0212 4032 ============================================================
20:22:38.0711 3332 ============================================================
20:22:38.0711 3332 Scan started
20:22:38.0711 3332 Mode: Manual; SigCheck; TDLFS;
20:22:38.0711 3332 ============================================================
20:22:39.0242 3332 ================ Scan system memory ========================
20:22:39.0242 3332 System memory - ok
20:22:39.0242 3332 ================ Scan services =============================
20:22:39.0632 3332 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:22:40.0131 3332 1394ohci - ok
20:22:40.0225 3332 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:22:40.0225 3332 ACPI - ok
20:22:40.0256 3332 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:22:40.0381 3332 AcpiPmi - ok
20:22:40.0599 3332 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:22:40.0630 3332 AdobeFlashPlayerUpdateSvc - ok
20:22:40.0724 3332 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:22:40.0771 3332 adp94xx - ok
20:22:40.0771 3332 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:22:40.0786 3332 adpahci - ok
20:22:40.0786 3332 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:22:40.0802 3332 adpu320 - ok
20:22:40.0833 3332 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:22:41.0036 3332 AeLookupSvc - ok
20:22:41.0129 3332 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:22:41.0192 3332 AFD - ok
20:22:41.0239 3332 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:22:41.0270 3332 agp440 - ok
20:22:41.0301 3332 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:22:41.0379 3332 ALG - ok
20:22:41.0395 3332 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:22:41.0426 3332 aliide - ok
20:22:41.0535 3332 [ 9CB927E76D3F65A02741A4D9A690178C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:22:41.0644 3332 AMD External Events Utility - ok
20:22:41.0675 3332 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:22:41.0691 3332 amdide - ok
20:22:41.0785 3332 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:22:41.0878 3332 AmdK8 - ok
20:22:43.0516 3332 [ B8660FB5431F136635FB6446AC67FAAE ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:22:43.0657 3332 amdkmdag - ok
20:22:43.0703 3332 [ 5FC9D833F726383D9D60205F5A3CF16B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:22:43.0766 3332 amdkmdap - ok
20:22:43.0797 3332 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:22:43.0844 3332 AmdPPM - ok
20:22:43.0891 3332 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:22:43.0922 3332 amdsata - ok
20:22:43.0969 3332 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:22:44.0000 3332 amdsbs - ok
20:22:44.0015 3332 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:22:44.0031 3332 amdxata - ok
20:22:44.0093 3332 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:22:44.0312 3332 AppID - ok
20:22:44.0327 3332 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:22:44.0405 3332 AppIDSvc - ok
20:22:44.0437 3332 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
20:22:44.0515 3332 Appinfo - ok
20:22:44.0530 3332 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:22:44.0546 3332 arc - ok
20:22:44.0561 3332 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:22:44.0577 3332 arcsas - ok
20:22:44.0624 3332 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:22:44.0686 3332 AsyncMac - ok
20:22:44.0764 3332 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:22:44.0795 3332 atapi - ok
20:22:44.0998 3332 [ E642491F64E58CD5BC8FB8B347DCF65F ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:22:45.0045 3332 athr - ok
20:22:45.0185 3332 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
20:22:45.0263 3332 AtiHdmiService - ok
20:22:45.0357 3332 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
20:22:45.0388 3332 atksgt - ok
20:22:45.0466 3332 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:22:45.0560 3332 AudioEndpointBuilder - ok
20:22:45.0575 3332 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:22:45.0607 3332 AudioSrv - ok
20:22:45.0700 3332 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:22:45.0841 3332 AxInstSV - ok
20:22:45.0903 3332 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:22:45.0997 3332 b06bdrv - ok
20:22:46.0075 3332 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:22:46.0153 3332 b57nd60a - ok
20:22:46.0231 3332 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:22:46.0309 3332 BDESVC - ok
20:22:46.0324 3332 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:22:46.0387 3332 Beep - ok
20:22:46.0465 3332 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:22:46.0574 3332 BFE - ok
20:22:46.0745 3332 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:22:46.0823 3332 BITS - ok
20:22:46.0839 3332 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:22:46.0855 3332 blbdrive - ok
20:22:46.0917 3332 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:22:46.0979 3332 bowser - ok
20:22:46.0995 3332 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:22:47.0182 3332 BrFiltLo - ok
20:22:47.0198 3332 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:22:47.0260 3332 BrFiltUp - ok
20:22:47.0369 3332 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:22:47.0432 3332 Browser - ok
20:22:47.0479 3332 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:22:47.0557 3332 Brserid - ok
20:22:47.0572 3332 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:22:47.0603 3332 BrSerWdm - ok
20:22:47.0619 3332 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:22:47.0666 3332 BrUsbMdm - ok
20:22:47.0666 3332 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:22:47.0681 3332 BrUsbSer - ok
20:22:47.0697 3332 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:22:47.0744 3332 BTHMODEM - ok
20:22:47.0759 3332 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:22:47.0837 3332 bthserv - ok
20:22:47.0931 3332 ccdglsvc - ok
20:22:47.0978 3332 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:22:48.0056 3332 cdfs - ok
20:22:48.0118 3332 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:22:48.0181 3332 cdrom - ok
20:22:48.0227 3332 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:22:48.0321 3332 CertPropSvc - ok
20:22:48.0368 3332 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:22:48.0399 3332 circlass - ok
20:22:48.0461 3332 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:22:48.0477 3332 CLFS - ok
20:22:48.0555 3332 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:22:48.0586 3332 clr_optimization_v2.0.50727_32 - ok
20:22:48.0633 3332 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:22:48.0649 3332 clr_optimization_v2.0.50727_64 - ok
20:22:48.0742 3332 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:22:48.0773 3332 clr_optimization_v4.0.30319_32 - ok
20:22:48.0836 3332 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:22:48.0851 3332 clr_optimization_v4.0.30319_64 - ok
20:22:48.0867 3332 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:22:48.0898 3332 CmBatt - ok
20:22:48.0929 3332 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:22:48.0929 3332 cmdide - ok
20:22:49.0007 3332 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
20:22:49.0070 3332 CNG - ok
20:22:49.0101 3332 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:22:49.0132 3332 Compbatt - ok
20:22:49.0179 3332 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:22:49.0257 3332 CompositeBus - ok
20:22:49.0273 3332 COMSysApp - ok
20:22:49.0288 3332 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:22:49.0304 3332 crcdisk - ok
20:22:49.0397 3332 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:22:49.0429 3332 CryptSvc - ok
20:22:49.0522 3332 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:22:49.0600 3332 DcomLaunch - ok
20:22:49.0663 3332 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:22:49.0756 3332 defragsvc - ok
20:22:49.0803 3332 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:22:49.0897 3332 DfsC - ok
20:22:49.0959 3332 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:22:50.0053 3332 Dhcp - ok
20:22:50.0068 3332 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:22:50.0146 3332 discache - ok
20:22:50.0209 3332 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:22:50.0224 3332 Disk - ok
20:22:50.0271 3332 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:22:50.0333 3332 Dnscache - ok
20:22:50.0411 3332 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:22:50.0489 3332 dot3svc - ok
20:22:50.0583 3332 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
20:22:50.0614 3332 Dot4 - ok
20:22:50.0677 3332 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:22:50.0708 3332 Dot4Print - ok
20:22:50.0723 3332 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
20:22:50.0755 3332 dot4usb - ok
20:22:50.0801 3332 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:22:50.0879 3332 DPS - ok
20:22:50.0926 3332 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:22:50.0973 3332 drmkaud - ok
20:22:51.0301 3332 [ 470F7F19188AB45463F8B612D6DDE7C8 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
20:22:51.0332 3332 DsiWMIService - ok
20:22:51.0410 3332 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:22:51.0457 3332 DXGKrnl - ok
20:22:51.0488 3332 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:22:51.0566 3332 EapHost - ok
20:22:52.0049 3332 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:22:52.0221 3332 ebdrv - ok
20:22:52.0268 3332 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:22:52.0361 3332 EFS - ok
20:22:52.0486 3332 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:22:52.0564 3332 ehRecvr - ok
20:22:52.0580 3332 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:22:52.0658 3332 ehSched - ok
20:22:52.0705 3332 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:22:52.0736 3332 elxstor - ok
20:22:52.0845 3332 [ 8E12D885D17EC5FA4F52D2C6E953E285 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
20:22:52.0876 3332 ePowerSvc - ok
20:22:52.0907 3332 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:22:52.0954 3332 ErrDev - ok
20:22:53.0032 3332 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:22:53.0126 3332 EventSystem - ok
20:22:53.0188 3332 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:22:53.0235 3332 exfat - ok
20:22:53.0266 3332 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:22:53.0344 3332 fastfat - ok
20:22:53.0438 3332 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:22:53.0547 3332 Fax - ok
20:22:53.0563 3332 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:22:53.0609 3332 fdc - ok
20:22:53.0641 3332 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:22:53.0719 3332 fdPHost - ok
20:22:53.0750 3332 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:22:53.0843 3332 FDResPub - ok
20:22:53.0875 3332 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:22:53.0921 3332 FileInfo - ok
20:22:53.0937 3332 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:22:53.0999 3332 Filetrace - ok
20:22:54.0171 3332 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:22:54.0218 3332 FLEXnet Licensing Service - ok
20:22:54.0249 3332 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:22:54.0311 3332 flpydisk - ok
20:22:54.0358 3332 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:22:54.0389 3332 FltMgr - ok
20:22:54.0452 3332 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
20:22:54.0592 3332 FontCache - ok
20:22:54.0670 3332 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:22:54.0701 3332 FontCache3.0.0.0 - ok
20:22:54.0701 3332 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:22:54.0717 3332 FsDepends - ok
20:22:54.0748 3332 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:22:54.0764 3332 Fs_Rec - ok
20:22:54.0857 3332 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:22:54.0889 3332 fvevol - ok
20:22:54.0904 3332 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:22:54.0920 3332 gagp30kx - ok
20:22:54.0982 3332 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:22:55.0091 3332 gpsvc - ok
20:22:55.0154 3332 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
20:22:55.0169 3332 GREGService - ok
20:22:55.0185 3332 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:22:55.0247 3332 hcw85cir - ok
20:22:55.0294 3332 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:22:55.0357 3332 HdAudAddService - ok
20:22:55.0419 3332 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:22:55.0481 3332 HDAudBus - ok
20:22:55.0497 3332 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:22:55.0544 3332 HidBatt - ok
20:22:55.0544 3332 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:22:55.0575 3332 HidBth - ok
20:22:55.0606 3332 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:22:55.0653 3332 HidIr - ok
20:22:55.0700 3332 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:22:55.0793 3332 hidserv - ok
20:22:55.0871 3332 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:22:55.0903 3332 HidUsb - ok
20:22:55.0934 3332 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:22:55.0996 3332 hkmsvc - ok
20:22:56.0027 3332 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:22:56.0090 3332 HomeGroupListener - ok
20:22:56.0137 3332 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:22:56.0183 3332 HomeGroupProvider - ok
20:22:56.0402 3332 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
20:22:56.0917 3332 hpqcxs08 - ok
20:22:57.0010 3332 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
20:22:57.0041 3332 hpqddsvc - ok
20:22:57.0135 3332 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:22:57.0166 3332 HpSAMD - ok
20:22:57.0275 3332 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
20:22:57.0322 3332 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
20:22:57.0322 3332 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
20:22:57.0369 3332 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:22:57.0478 3332 HTTP - ok
20:22:57.0525 3332 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:22:57.0541 3332 hwpolicy - ok
20:22:57.0587 3332 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:22:57.0619 3332 i8042prt - ok
20:22:57.0728 3332 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:22:57.0759 3332 iaStor - ok
20:22:57.0821 3332 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:22:57.0837 3332 iaStorV - ok
20:22:57.0977 3332 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:22:58.0024 3332 idsvc - ok
20:22:58.0055 3332 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:22:58.0071 3332 iirsp - ok
20:22:58.0102 3332 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:22:58.0165 3332 IKEEXT - ok
20:22:58.0258 3332 [ F4C031439501F6C1D336A36D7CB58F4F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:22:58.0305 3332 IntcAzAudAddService - ok
20:22:58.0352 3332 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:22:58.0367 3332 intelide - ok
20:22:58.0414 3332 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:22:58.0461 3332 intelppm - ok
20:22:58.0492 3332 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:22:58.0586 3332 IPBusEnum - ok
20:22:58.0633 3332 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:22:58.0695 3332 IpFilterDriver - ok
20:22:58.0789 3332 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:22:58.0835 3332 iphlpsvc - ok
20:22:58.0851 3332 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:22:58.0898 3332 IPMIDRV - ok
20:22:58.0929 3332 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:22:58.0976 3332 IPNAT - ok
20:22:59.0023 3332 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:22:59.0101 3332 IRENUM - ok
20:22:59.0116 3332 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:22:59.0132 3332 isapnp - ok
20:22:59.0163 3332 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:22:59.0179 3332 iScsiPrt - ok
20:22:59.0225 3332 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:22:59.0241 3332 kbdclass - ok
20:22:59.0288 3332 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:22:59.0335 3332 kbdhid - ok
20:22:59.0366 3332 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:22:59.0397 3332 KeyIso - ok
20:22:59.0444 3332 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:22:59.0459 3332 KSecDD - ok
20:22:59.0522 3332 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:22:59.0553 3332 KSecPkg - ok
20:22:59.0569 3332 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:22:59.0615 3332 ksthunk - ok
20:22:59.0678 3332 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:22:59.0756 3332 KtmRm - ok
20:22:59.0818 3332 [ 0E154DA6CA9105354A07D0C576804037 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
20:22:59.0834 3332 L1C - ok
20:22:59.0881 3332 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:22:59.0974 3332 LanmanServer - ok
20:23:00.0021 3332 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:23:00.0099 3332 LanmanWorkstation - ok
20:23:00.0411 3332 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
20:23:00.0427 3332 lirsgt - ok
20:23:00.0614 3332 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:23:00.0692 3332 lltdio - ok
20:23:00.0739 3332 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:23:00.0832 3332 lltdsvc - ok
20:23:00.0848 3332 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:23:00.0895 3332 lmhosts - ok
20:23:00.0941 3332 [ 926EBA26A8B49D1597751CED06B50862 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:23:00.0973 3332 LMS - ok
20:23:01.0035 3332 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:23:01.0051 3332 LSI_FC - ok
20:23:01.0082 3332 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:23:01.0113 3332 LSI_SAS - ok
20:23:01.0129 3332 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:23:01.0144 3332 LSI_SAS2 - ok
20:23:01.0160 3332 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:23:01.0160 3332 LSI_SCSI - ok
20:23:01.0191 3332 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:23:01.0238 3332 luafv - ok
20:23:01.0285 3332 [ 23A854450DAB5C9B7A42AB9BE6F2E4BD ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:23:01.0285 3332 MBAMProtector - ok
20:23:01.0409 3332 [ 94E920BE59B9AB65D95E582DBAA136AC ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:23:01.0441 3332 MBAMService - ok
20:23:01.0487 3332 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:23:01.0534 3332 Mcx2Svc - ok
20:23:01.0550 3332 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:23:01.0565 3332 megasas - ok
20:23:01.0565 3332 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:23:01.0581 3332 MegaSR - ok
20:23:01.0628 3332 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:23:01.0659 3332 MEIx64 - ok
20:23:01.0737 3332 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:23:01.0768 3332 Microsoft Office Groove Audit Service - ok
20:23:01.0799 3332 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:23:01.0877 3332 MMCSS - ok
20:23:01.0893 3332 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:23:01.0924 3332 Modem - ok
20:23:01.0955 3332 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:23:02.0018 3332 monitor - ok
20:23:02.0049 3332 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:23:02.0049 3332 mouclass - ok
20:23:02.0096 3332 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:23:02.0111 3332 mouhid - ok
20:23:02.0174 3332 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:23:02.0189 3332 mountmgr - ok
20:23:02.0267 3332 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:23:02.0314 3332 MpFilter - ok
20:23:02.0330 3332 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:23:02.0361 3332 mpio - ok
20:23:02.0377 3332 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:23:02.0408 3332 mpsdrv - ok
20:23:02.0533 3332 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:23:02.0611 3332 MpsSvc - ok
20:23:02.0689 3332 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:23:02.0735 3332 MRxDAV - ok
20:23:02.0798 3332 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:23:02.0876 3332 mrxsmb - ok
20:23:02.0907 3332 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:23:02.0938 3332 mrxsmb10 - ok
20:23:02.0969 3332 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:23:02.0985 3332 mrxsmb20 - ok
20:23:03.0032 3332 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
20:23:03.0047 3332 msahci - ok
20:23:03.0079 3332 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:23:03.0094 3332 msdsm - ok
20:23:03.0110 3332 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:23:03.0172 3332 MSDTC - ok
20:23:03.0203 3332 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:23:03.0250 3332 Msfs - ok
20:23:03.0297 3332 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:23:03.0344 3332 mshidkmdf - ok
20:23:03.0406 3332 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:23:03.0437 3332 msisadrv - ok
20:23:03.0469 3332 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:23:03.0547 3332 MSiSCSI - ok
20:23:03.0547 3332 msiserver - ok
20:23:03.0609 3332 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:23:03.0687 3332 MSKSSRV - ok
20:23:03.0827 3332 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:23:03.0843 3332 MsMpSvc - ok
20:23:03.0890 3332 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:23:03.0937 3332 MSPCLOCK - ok
20:23:03.0952 3332 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:23:03.0999 3332 MSPQM - ok
20:23:04.0093 3332 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:23:04.0139 3332 MsRPC - ok
20:23:04.0171 3332 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:23:04.0171 3332 mssmbios - ok
20:23:04.0202 3332 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:23:04.0249 3332 MSTEE - ok
20:23:04.0249 3332 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:23:04.0280 3332 MTConfig - ok
20:23:04.0295 3332 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:23:04.0311 3332 Mup - ok
20:23:04.0327 3332 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:23:04.0373 3332 napagent - ok
20:23:04.0420 3332 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:23:04.0451 3332 NativeWifiP - ok
20:23:04.0545 3332 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:23:04.0623 3332 NDIS - ok
20:23:04.0623 3332 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:23:04.0670 3332 NdisCap - ok
20:23:04.0701 3332 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:23:04.0732 3332 NdisTapi - ok
20:23:04.0763 3332 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:23:04.0826 3332 Ndisuio - ok
20:23:04.0857 3332 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:23:04.0951 3332 NdisWan - ok
20:23:05.0013 3332 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:23:05.0075 3332 NDProxy - ok
20:23:05.0153 3332 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:23:05.0169 3332 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:23:05.0169 3332 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:23:05.0185 3332 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:23:05.0263 3332 NetBIOS - ok
20:23:05.0341 3332 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:23:05.0434 3332 NetBT - ok
20:23:05.0481 3332 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:23:05.0481 3332 Netlogon - ok
20:23:05.0559 3332 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:23:05.0606 3332 Netman - ok
20:23:05.0621 3332 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:23:05.0762 3332 netprofm - ok
20:23:05.0871 3332 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:23:05.0902 3332 NetTcpPortSharing - ok
20:23:05.0918 3332 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:23:05.0933 3332 nfrd960 - ok
20:23:06.0011 3332 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:23:06.0043 3332 NisDrv - ok
20:23:06.0105 3332 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:23:06.0152 3332 NisSrv - ok
20:23:06.0261 3332 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:23:06.0308 3332 NlaSvc - ok
20:23:06.0339 3332 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:23:06.0433 3332 Npfs - ok
20:23:06.0448 3332 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:23:06.0526 3332 nsi - ok
20:23:06.0542 3332 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:23:06.0620 3332 nsiproxy - ok
20:23:06.0682 3332 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:23:06.0776 3332 Ntfs - ok
20:23:06.0791 3332 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:23:06.0838 3332 Null - ok
20:23:06.0901 3332 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
20:23:06.0963 3332 nusb3hub - ok
20:23:06.0994 3332 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:23:07.0072 3332 nusb3xhc - ok
20:23:07.0119 3332 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:23:07.0150 3332 nvraid - ok
20:23:07.0213 3332 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:23:07.0244 3332 nvstor - ok
20:23:07.0291 3332 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:23:07.0306 3332 nv_agp - ok
20:23:07.0400 3332 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:23:07.0431 3332 odserv - ok
20:23:07.0462 3332 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:23:07.0525 3332 ohci1394 - ok
20:23:07.0571 3332 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:23:07.0603 3332 ose - ok
20:23:07.0665 3332 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:23:07.0743 3332 p2pimsvc - ok
20:23:07.0790 3332 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:23:07.0852 3332 p2psvc - ok
20:23:07.0899 3332 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:23:07.0961 3332 Parport - ok
20:23:08.0008 3332 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:23:08.0039 3332 partmgr - ok
20:23:08.0055 3332 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:23:08.0102 3332 PcaSvc - ok
20:23:08.0164 3332 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:23:08.0180 3332 pci - ok
20:23:08.0227 3332 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:23:08.0258 3332 pciide - ok
20:23:08.0289 3332 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:23:08.0320 3332 pcmcia - ok
20:23:08.0351 3332 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:23:08.0351 3332 pcw - ok
20:23:08.0383 3332 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:23:08.0492 3332 PEAUTH - ok
20:23:08.0648 3332 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:23:08.0695 3332 PerfHost - ok
20:23:08.0788 3332 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:23:08.0975 3332 pla - ok
20:23:09.0053 3332 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:23:09.0131 3332 PlugPlay - ok
20:23:09.0225 3332 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:23:09.0272 3332 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:23:09.0272 3332 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:23:09.0303 3332 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:23:09.0319 3332 PNRPAutoReg - ok
20:23:09.0365 3332 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:23:09.0397 3332 PNRPsvc - ok
20:23:09.0443 3332 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:23:09.0475 3332 PolicyAgent - ok
20:23:09.0506 3332 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:23:09.0584 3332 Power - ok
20:23:09.0662 3332 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:23:09.0740 3332 PptpMiniport - ok
20:23:09.0787 3332 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:23:09.0849 3332 Processor - ok
20:23:09.0943 3332 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:23:10.0005 3332 ProfSvc - ok
20:23:10.0036 3332 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:23:10.0052 3332 ProtectedStorage - ok
20:23:10.0114 3332 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:23:10.0223 3332 Psched - ok
20:23:10.0301 3332 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:23:10.0348 3332 ql2300 - ok
20:23:10.0364 3332 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:23:10.0364 3332 ql40xx - ok
20:23:10.0395 3332 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:23:10.0411 3332 QWAVE - ok
20:23:10.0426 3332 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:23:10.0457 3332 QWAVEdrv - ok
20:23:10.0489 3332 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:23:10.0504 3332 RasAcd - ok
20:23:10.0567 3332 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:23:10.0645 3332 RasAgileVpn - ok
20:23:10.0645 3332 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:23:10.0676 3332 RasAuto - ok
20:23:10.0707 3332 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:23:10.0785 3332 Rasl2tp - ok
20:23:10.0847 3332 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:23:10.0957 3332 RasMan - ok
20:23:10.0972 3332 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:23:11.0035 3332 RasPppoe - ok
20:23:11.0066 3332 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:23:11.0097 3332 RasSstp - ok
20:23:11.0144 3332 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:23:11.0191 3332 rdbss - ok
20:23:11.0222 3332 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:23:11.0222 3332 rdpbus - ok
20:23:11.0237 3332 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:23:11.0284 3332 RDPCDD - ok
20:23:11.0331 3332 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:23:11.0409 3332 RDPENCDD - ok
20:23:11.0425 3332 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:23:11.0471 3332 RDPREFMP - ok
20:23:11.0534 3332 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:23:11.0596 3332 RdpVideoMiniport - ok
20:23:11.0643 3332 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:23:11.0721 3332 RDPWD - ok
20:23:11.0768 3332 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:23:11.0799 3332 rdyboost - ok
20:23:11.0815 3332 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:23:11.0908 3332 RemoteAccess - ok
20:23:11.0939 3332 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:23:11.0986 3332 RemoteRegistry - ok
20:23:12.0002 3332 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:23:12.0049 3332 RpcEptMapper - ok
20:23:12.0095 3332 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:23:12.0127 3332 RpcLocator - ok
20:23:12.0173 3332 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:23:12.0220 3332 RpcSs - ok
20:23:12.0236 3332 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:23:12.0298 3332 rspndr - ok
20:23:12.0345 3332 [ 9BEB5F18A418FF70659CE2E356829568 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
20:23:12.0361 3332 RSUSBSTOR - ok
20:23:12.0376 3332 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:23:12.0376 3332 SamSs - ok
20:23:12.0407 3332 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:23:12.0423 3332 sbp2port - ok
20:23:12.0454 3332 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:23:12.0470 3332 SCardSvr - ok
20:23:12.0517 3332 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:23:12.0595 3332 scfilter - ok
20:23:12.0797 3332 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:23:12.0875 3332 Schedule - ok
20:23:12.0907 3332 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:23:12.0938 3332 SCPolicySvc - ok
20:23:13.0031 3332 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:23:13.0078 3332 SDRSVC - ok
20:23:13.0125 3332 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:23:13.0187 3332 secdrv - ok
20:23:13.0219 3332 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:23:13.0250 3332 seclogon - ok
20:23:13.0281 3332 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:23:13.0312 3332 SENS - ok
20:23:13.0312 3332 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:23:13.0343 3332 SensrSvc - ok
20:23:13.0359 3332 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:23:13.0375 3332 Serenum - ok
20:23:13.0421 3332 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:23:13.0437 3332 Serial - ok
20:23:13.0499 3332 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:23:13.0546 3332 sermouse - ok
20:23:13.0609 3332 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:23:13.0687 3332 SessionEnv - ok
20:23:13.0733 3332 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:23:13.0796 3332 sffdisk - ok
20:23:13.0827 3332 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:23:13.0858 3332 sffp_mmc - ok
20:23:13.0874 3332 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:23:13.0905 3332 sffp_sd - ok
20:23:13.0936 3332 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:23:13.0983 3332 sfloppy - ok
20:23:14.0045 3332 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:23:14.0123 3332 SharedAccess - ok
20:23:14.0186 3332 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:23:14.0279 3332 ShellHWDetection - ok
20:23:14.0279 3332 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:23:14.0279 3332 SiSRaid2 - ok
20:23:14.0295 3332 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:23:14.0295 3332 SiSRaid4 - ok
20:23:14.0389 3332 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:23:14.0420 3332 SkypeUpdate - ok
20:23:14.0451 3332 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:23:14.0498 3332 Smb - ok
20:23:14.0545 3332 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:23:14.0591 3332 SNMPTRAP - ok
20:23:14.0623 3332 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:23:14.0623 3332 spldr - ok
20:23:14.0716 3332 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:23:14.0810 3332 Spooler - ok
20:23:15.0028 3332 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:23:15.0215 3332 sppsvc - ok
20:23:15.0231 3332 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:23:15.0325 3332 sppuinotify - ok
20:23:15.0418 3332 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:23:15.0496 3332 srv - ok
20:23:15.0621 3332 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:23:15.0683 3332 srv2 - ok
20:23:15.0715 3332 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:23:15.0746 3332 srvnet - ok
20:23:15.0777 3332 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:23:15.0839 3332 SSDPSRV - ok
20:23:15.0871 3332 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:23:15.0949 3332 SstpSvc - ok
20:23:15.0980 3332 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:23:15.0980 3332 stexstor - ok
20:23:16.0151 3332 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:23:16.0198 3332 stisvc - ok
20:23:16.0245 3332 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:23:16.0276 3332 swenum - ok
20:23:16.0354 3332 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:23:16.0417 3332 swprv - ok
20:23:16.0557 3332 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:23:16.0713 3332 SysMain - ok
20:23:16.0775 3332 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:23:16.0838 3332 TabletInputService - ok
20:23:16.0931 3332 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:23:17.0025 3332 TapiSrv - ok
20:23:17.0041 3332 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:23:17.0119 3332 TBS - ok
20:23:17.0212 3332 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:23:17.0290 3332 Tcpip - ok
20:23:17.0384 3332 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:23:17.0415 3332 TCPIP6 - ok
20:23:17.0477 3332 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:23:17.0509 3332 tcpipreg - ok
20:23:17.0571 3332 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:23:17.0665 3332 TDPIPE - ok
20:23:17.0711 3332 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:23:17.0743 3332 TDTCP - ok
20:23:17.0836 3332 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:23:17.0930 3332 tdx - ok
20:23:17.0961 3332 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:23:17.0992 3332 TermDD - ok
20:23:18.0070 3332 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:23:18.0148 3332 TermService - ok
20:23:18.0195 3332 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:23:18.0195 3332 Themes - ok
20:23:18.0242 3332 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:23:18.0289 3332 THREADORDER - ok
20:23:18.0335 3332 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:23:18.0398 3332 TrkWks - ok
20:23:18.0554 3332 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:23:18.0632 3332 TrustedInstaller - ok
20:23:18.0694 3332 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:23:18.0757 3332 tssecsrv - ok
20:23:18.0819 3332 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:23:18.0897 3332 TsUsbFlt - ok
20:23:18.0975 3332 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:23:19.0053 3332 tunnel - ok
20:23:19.0131 3332 [ 48743B69EA47C020A792D8649F753F44 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
20:23:19.0147 3332 TurboB - ok
20:23:19.0256 3332 [ 759F59E3EA3802FF23F93DCDB6FE9171 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
20:23:19.0271 3332 TurboBoost - ok
20:23:19.0303 3332 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:23:19.0334 3332 uagp35 - ok
20:23:19.0381 3332 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:23:19.0474 3332 udfs - ok
20:23:19.0505 3332 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:23:19.0552 3332 UI0Detect - ok
20:23:19.0583 3332 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:23:19.0599 3332 uliagpkx - ok
20:23:19.0661 3332 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:23:19.0677 3332 umbus - ok
20:23:19.0693 3332 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:23:19.0724 3332 UmPass - ok
20:23:19.0989 3332 [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:23:20.0067 3332 UNS - ok
20:23:20.0161 3332 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
20:23:20.0176 3332 Updater Service - ok
20:23:20.0254 3332 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:23:20.0332 3332 upnphost - ok
20:23:20.0426 3332 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:23:20.0488 3332 usbccgp - ok
20:23:20.0566 3332 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:23:20.0613 3332 usbcir - ok
20:23:20.0660 3332 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:23:20.0707 3332 usbehci - ok
20:23:20.0753 3332 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:23:20.0816 3332 usbhub - ok
20:23:20.0847 3332 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:23:20.0909 3332 usbohci - ok
20:23:20.0972 3332 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:23:21.0034 3332 usbprint - ok
20:23:21.0097 3332 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:23:21.0128 3332 usbscan - ok
20:23:21.0159 3332 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:23:21.0237 3332 USBSTOR - ok
20:23:21.0253 3332 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:23:21.0299 3332 usbuhci - ok
20:23:21.0331 3332 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:23:21.0393 3332 usbvideo - ok
20:23:21.0440 3332 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:23:21.0533 3332 UxSms - ok
20:23:21.0533 3332 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:23:21.0549 3332 VaultSvc - ok
20:23:21.0596 3332 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:23:21.0611 3332 vdrvroot - ok
20:23:21.0721 3332 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:23:21.0814 3332 vds - ok
20:23:21.0845 3332 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:23:21.0877 3332 vga - ok
20:23:21.0892 3332 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:23:21.0955 3332 VgaSave - ok
20:23:21.0986 3332 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:23:22.0048 3332 vhdmp - ok
20:23:22.0079 3332 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:23:22.0095 3332 viaide - ok
20:23:22.0095 3332 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:23:22.0111 3332 volmgr - ok
20:23:22.0142 3332 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:23:22.0173 3332 volmgrx - ok
20:23:22.0220 3332 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:23:22.0235 3332 volsnap - ok
20:23:22.0251 3332 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:23:22.0267 3332 vsmraid - ok
20:23:22.0345 3332 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:23:22.0485 3332 VSS - ok
20:23:22.0501 3332 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:23:22.0563 3332 vwifibus - ok
20:23:22.0579 3332 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:23:22.0641 3332 vwififlt - ok
20:23:22.0703 3332 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:23:22.0750 3332 W32Time - ok
20:23:22.0750 3332 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:23:22.0781 3332 WacomPen - ok
20:23:22.0828 3332 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:23:22.0922 3332 WANARP - ok
20:23:22.0922 3332 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:23:22.0937 3332 Wanarpv6 - ok
20:23:23.0015 3332 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:23:23.0203 3332 wbengine - ok
20:23:23.0234 3332 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:23:23.0281 3332 WbioSrvc - ok
20:23:23.0327 3332 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:23:23.0374 3332 wcncsvc - ok
20:23:23.0390 3332 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:23:23.0421 3332 WcsPlugInService - ok
20:23:23.0437 3332 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:23:23.0452 3332 Wd - ok
20:23:23.0515 3332 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:23:23.0577 3332 Wdf01000 - ok
20:23:23.0593 3332 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:23:23.0702 3332 WdiServiceHost - ok
20:23:23.0702 3332 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:23:23.0717 3332 WdiSystemHost - ok
20:23:23.0764 3332 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:23:23.0842 3332 WebClient - ok
20:23:23.0858 3332 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:23:23.0920 3332 Wecsvc - ok
20:23:23.0936 3332 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:23:23.0967 3332 wercplsupport - ok
20:23:24.0014 3332 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:23:24.0092 3332 WerSvc - ok
20:23:24.0107 3332 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:23:24.0139 3332 WfpLwf - ok
20:23:24.0139 3332 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:23:24.0154 3332 WIMMount - ok
20:23:24.0170 3332 WinDefend - ok
20:23:24.0217 3332 WinHttpAutoProxySvc - ok
20:23:24.0310 3332 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:23:24.0373 3332 Winmgmt - ok
20:23:24.0560 3332 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:23:24.0638 3332 WinRM - ok
20:23:24.0685 3332 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:23:24.0685 3332 WinUsb - ok
20:23:24.0731 3332 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:23:24.0809 3332 Wlansvc - ok
20:23:24.0825 3332 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:23:24.0841 3332 WmiAcpi - ok
20:23:24.0872 3332 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:23:24.0903 3332 wmiApSrv - ok
20:23:24.0934 3332 WMPNetworkSvc - ok
20:23:24.0950 3332 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:23:24.0981 3332 WPCSvc - ok
20:23:25.0012 3332 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:23:25.0043 3332 WPDBusEnum - ok
20:23:25.0059 3332 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:23:25.0090 3332 ws2ifsl - ok
20:23:25.0121 3332 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:23:25.0121 3332 wscsvc - ok
20:23:25.0137 3332 WSearch - ok
20:23:25.0231 3332 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:23:25.0324 3332 wuauserv - ok
20:23:25.0355 3332 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:23:25.0418 3332 WudfPf - ok
20:23:25.0496 3332 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:23:25.0543 3332 WUDFRd - ok
20:23:25.0589 3332 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:23:25.0636 3332 wudfsvc - ok
20:23:25.0683 3332 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
20:23:25.0777 3332 WwanSvc - ok
20:23:25.0792 3332 ================ Scan global ===============================
20:23:25.0808 3332 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:23:25.0855 3332 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:23:25.0855 3332 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:23:25.0886 3332 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:23:25.0917 3332 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:23:25.0933 3332 [Global] - ok
20:23:25.0933 3332 ================ Scan MBR ==================================
20:23:25.0948 3332 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:23:27.0337 3332 \Device\Harddisk0\DR0 - ok
20:23:27.0337 3332 ================ Scan VBR ==================================
20:23:27.0337 3332 [ 41BF6972494BECEDF2DFFB27AD3DA5C7 ] \Device\Harddisk0\DR0\Partition1
20:23:27.0337 3332 \Device\Harddisk0\DR0\Partition1 - ok
20:23:27.0368 3332 [ E998F012682E10F4F4F79B7AA8DE8DC4 ] \Device\Harddisk0\DR0\Partition2
20:23:27.0368 3332 \Device\Harddisk0\DR0\Partition2 - ok
20:23:27.0368 3332 ============================================================
20:23:27.0368 3332 Scan finished
20:23:27.0368 3332 ============================================================
20:23:27.0383 0428 Detected object count: 3
20:23:27.0383 0428 Actual detected object count: 3
20:25:44.0788 0428 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:44.0788 0428 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:44.0804 0428 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:44.0804 0428 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:44.0804 0428 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:44.0804 0428 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
 |
|
08.07.2013, 19:30
| #10 |
| /// Malware-holic | security essentials meldet Maleware Hi, sind ungefährlich. Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.07.2013, 19:44
| #11 |
| | security essentials meldet Maleware Alles so gemacht wie beschrieben. Hier das Log: Code:
ATTFilter ComboFix 13-07-08.04 - Annegret 08.07.2013 20:34:24.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6126.4546 [GMT 2:00]
ausgeführt von:: c:\users\Annegret\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1373248220.bdinstall.bin
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-08 bis 2013-07-08 ))))))))))))))))))))))))))))))
.
.
2013-07-08 18:39 . 2013-07-08 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-08 18:16 . 2013-07-08 18:16 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06B09505-2245-4883-A02F-EE3788B52514}\offreg.dll
2013-07-08 07:46 . 2013-06-11 18:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06B09505-2245-4883-A02F-EE3788B52514}\mpengine.dll
2013-07-08 03:37 . 2013-07-08 07:53 -------- d-----w- c:\program files\Waterfox
2013-07-08 03:35 . 2013-07-08 03:35 -------- d-----w- c:\users\Annegret\AppData\Roaming\Waterfox Limited
2013-07-08 02:22 . 2013-07-08 02:22 -------- d-----w- c:\users\Annegret\AppData\Local\Programs
2013-07-08 01:59 . 2013-07-08 01:59 -------- d-----w- c:\programdata\BDLogging
2013-07-08 01:54 . 2013-07-08 01:54 -------- d-----w- c:\users\Annegret\AppData\Roaming\Bitdefender
2013-07-08 01:52 . 2013-07-08 01:52 -------- d-----w- c:\users\Annegret\AppData\Roaming\QuickScan
2013-07-08 01:51 . 2013-07-08 02:04 -------- d-----w- c:\programdata\Bitdefender
2013-07-08 01:51 . 2013-07-08 01:51 -------- d-----w- c:\program files\Bitdefender
2013-07-08 01:49 . 2013-07-08 01:51 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-07-08 01:49 . 2013-07-08 01:49 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2013-07-04 18:32 . 2013-06-19 03:02 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{259873B1-0068-414D-92B7-0A53A6A20CA0}\gapaengine.dll
2013-07-04 18:27 . 2013-07-08 07:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-07-04 18:27 . 2013-07-08 07:40 -------- d-----w- c:\program files\Microsoft Security Client
2013-07-04 15:33 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-04 15:33 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-04 15:33 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-07-04 15:33 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-04 15:33 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-07-04 15:33 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-07-04 15:33 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-07-02 14:18 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{242B95B6-9368-493C-BCF5-54D5FDCD0E2E}\mpengine.dll
2013-07-02 14:18 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-07-02 14:18 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-07-02 14:11 . 2013-07-08 07:40 -------- d-----w- c:\program files (x86)\LyricsWoofer
2013-06-27 09:41 . 2013-06-27 09:41 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-12 15:51 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 18:05 . 2011-06-06 13:40 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 19:08 . 2012-04-14 16:43 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 19:08 . 2011-06-03 20:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 15:29 . 2011-06-03 17:30 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-20 09:13 . 2013-04-20 09:13 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-16 15:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 15:13 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 15:13 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 15:13 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 15:13 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 15:13 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 21:18 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 15:13 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 15:13 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 15:13 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3}]
2013-06-25 08:14 185856 ----a-w- c:\program files (x86)\LyricsWoofer\116.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ccdglsvc;ccdglsvc; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 46150914
*Deregistered* - 46150914
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 19:08]
.
2013-07-08 c:\windows\Tasks\LyricsWoofer Update.job
- c:\program files (x86)\LyricsWoofer\LyricsWooferUPD.exe [2013-06-25 08:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Annegret\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Annegret\AppData\Roaming\Mozilla\Firefox\Profiles\02u9231j.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-07-08 09:40; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2013-07-08 09:56; langpack-de@firefox.mozilla.org; c:\users\Annegret\AppData\Roaming\Mozilla\Firefox\Profiles\02u9231j.default\extensions\langpack-de@firefox.mozilla.org.xpi
FF - ExtSQL: 2013-07-08 09:59; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Annegret\AppData\Roaming\Mozilla\Firefox\Profiles\02u9231j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-08 20:40:50
ComboFix-quarantined-files.txt 2013-07-08 18:40
.
Vor Suchlauf: 13 Verzeichnis(se), 364.224.929.792 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 363.703.369.728 Bytes frei
.
- - End Of File - - CA6DF285D38BA0AA70E8EFE3A57B53FA
A36C5E4F47E84449FF07ED3517B43A31
|
|
08.07.2013, 20:23
| #12 |
| /// Malware-holic | security essentials meldet Maleware Hi wie sieht es nach Neustart aus, funktioniert Malwarebytes wieder? falls ja, Scanlogs mit Funden posten, updaten, Vollständigen Scan ausführen, Funde löschen, Log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.07.2013, 09:38
| #13 | |
| | security essentials meldet Maleware Nach dem Neustart scheint das System schneller hochzufahren. Mban geht wieder doch es gibt kein Log in dem etwas von einer Infektion steht. Hab einen Kompletten Scan gemacht: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.09.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 PC :: XXXXXXX-PC [Administrator] 09.07.2013 09:04:23 mbam-log-2013-07-09 (09-04-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 457950 Laufzeit: 1 Stunde(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)  Hab die von Microsoft Security Essentials bemeckerte .dll Datei mal bei virustotal scannen lassen. Zitat:
Geändert von King pin (09.07.2013 um 09:51 Uhr) |
|
09.07.2013, 10:39
| #14 |
| /// Malware-holic | security essentials meldet Maleware Hi, Immer mit der Ruhe, wir kommen dazu schon noch :-) lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.07.2013, 11:22
| #15 |
| | security essentials meldet Maleware Hier das Log: Code:
ATTFilter Acer Crystal Eye Webcam CyberLink Corp. 26.03.2011 33,0MB 1.0.1216 Notwendig (bereits bei kauf installiert) Acer ePower Management Acer Incorporated 10.12.2010 6.00.3000 Unbekannt ob notwendig (bereits bei kauf installiert) Acer eRecovery Management Acer Incorporated 10.12.2010 5.00.3002 Unbekannt ob notwendig(bereits bei kauf installiert) Acer GameZone Console Oberon Media, Inc. 10.12.2010 31,0MB 6.1.0.9 Unbekannt ob notwendig (bereits bei kauf installiert) Acer Registration Acer Incorporated 26.03.2011 1.03.3003 Unbekannt ob notwendig (bereits bei kauf installiert) Acer Updater Acer Incorporated 10.12.2010 1.02.3001 Unbekannt ob notwendig (bereits bei kauf installiert) Adobe AIR Adobe Systems Incorporated 04.02.2012 3.1.0.4880 Notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.06.2013 6,00MB 11.7.700.224 Notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 11.06.2013 6,00MB 11.7.700.224 Notwendig Adobe Reader 9.1 MUI Adobe Systems Incorporated 10.12.2010 650MB 9.1.0 Notwendig Adobe Shockwave Player 11.6 Adobe Systems, Inc. 31.05.2012 11.6.5.635 Notwendig Airline Tycoon - Deluxe Spellbound Entertainment AG 26.04.2012 Notwendig(Spiel) Airline Tycoon 2 v1.01 Kalypso Media 18.04.2012 Notwendig(Spiel) Anno 1701 Sunflowers 26.08.2012 1.02 Notwendig (spiel) Apple Application Support Apple Inc. 27.12.2012 64,9MB 2.3 Notwendig Apple Software Update Apple Inc. 07.03.2013 2,38MB 2.1.3.127 Notwendig Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 10.12.2010 1.0.0.36 Notwendig ATI Catalyst Install Manager ATI Technologies, Inc. 26.03.2011 22,4MB 3.0.795.0 Notwendig CCleaner Piriform 19.02.2013 3.28 Notwendig Die Sims™ 3 Electronic Arts 13.09.2011 1.24.3 Notwendig(Spiel) Die Sims™ 3 Late Night Electronic Arts 13.09.2011 6.5.1 Notwendig(Spiel) Die Sims™ 3 Reiseabenteuer Electronic Arts 01.09.2011 2.0.86 Notwendig(Spiel) DivX-Setup DivX, LLC 01.03.2013 2.6.1.24 Notwendig Fallout 3 Bethesda Softworks 08.03.2012 1.00.0000 Notwendig Fallout 3 - The Garden of Eden Creation Kit Bethesda Softworks 12.03.2012 Notwendig 1.00.0000 Free YouTube to MP3 Converter version 3.10.11.923 DVDVideoSoft Ltd. 06.11.2011 42,3MB Notwendig HP Customer Participation Program 14.0 HP 11.06.2011 14.0 Notwendig HP Imaging Device Functions 14.0 HP 11.06.2011 14.0 Notwendig HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6 HP 14.12.2011 14.0 Notwendig HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 HP 11.06.2011 14.0 Notwendig HP Smart Web Printing 4.60 HP 11.06.2011 4.60 UNNotwendig HP Solution Center 14.0 HP 11.06.2011 14.0 Notwendig HP Update Hewlett-Packard 11.06.2011 2,97MB 5.002.002.002 Notwendig ICQ 7.6 Build #5618 Banner Remover 1.0 murb.com 27.09.2011 2,77MB Notwendig ICQ7.5 ICQ 06.06.2011 7.5 Notwendig Intel(R) Management Engine Components Intel Corporation 08.07.2013 7.0.0.1144 Notwendig IrfanView (remove only) Irfan Skiljan 11.06.2011 1,50MB 4.28 Notwendig Java(TM) 6 Update 26 Oracle 03.06.2011 97,0MB 6.0.260 Notwendig Java(TM) 7 Update 4 (64-bit) Oracle 31.05.2012 95,0MB 7.0.40 Notwendig Launch Manager Acer Inc. 26.03.2011 5.0.3 Notwendig Lexware Info Service Haufe-Lexware GmbH & Co.KG 08.09.2012 15,8MB 2.80.00.0007 Notwendig LyricsWoofer Lyrics Woofer LTD 02.07.2013 Unbekannt Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 09.07.2013 19,2MB 1.75.0.1300 Notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 06.06.2011 38,8MB 4.0.30319 Notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 06.06.2011 2,93MB 4.0.30319 Notwendig Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 08.03.2012 32,5MB 2.0.673.0 Unnötig Microsoft Office Enterprise 2007 Microsoft Corporation 04.02.2012 12.0.6612.1000 Notwendig Microsoft Office Live Add-in 1.5 Microsoft Corporation 30.05.2012 508KB 2.0.4024.1 unNotwendig Microsoft Security Essentials Microsoft Corporation 04.07.2013 4.2.223.1 unNotwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.10.2011 300KB 8.0.59193 Notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 03.06.2011 784KB 9.0.30729.4148 Notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15.10.2011 788KB 9.0.30729.6161 Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10.12.2010 596KB 9.0.30729 Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 03.06.2011 592KB 9.0.30729.4148 Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.10.2011 600KB 9.0.30729.6161 Notwendig Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 15.10.2011 13,8MB 10.0.40219 Notwendig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.10.2011 15,0MB 10.0.40219 Notwendig Microsoft WSE 3.0 Runtime Microsoft Corp. 01.09.2011 942KB 3.0.5305.0 v Notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.07.2011 1,27MB 4.20.9870.0 Notwendig MSXML 4.0 SP2 (KB973688) Microsoft Corporation 14.07.2011 1,33MB 4.20.9876.0 Notwendig NVIDIA PhysX NVIDIA Corporation 12.02.2012 119MB 9.09.0203 Notwendig PDF24 Creator 3.7.0 PDF24.org 23.10.2011 33,4MB Notwendig QuickTime Apple Inc. 07.03.2013 73,1MB 7.73.80.64 Notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 26.03.2011 6.0.1.6254 Notwendig Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 10.12.2010 6.1.7600.30123 Notwendig Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 26.03.2011 1,00MB 2.0.26.0 Notwendig Risen Deep Silver 12.02.2012 1.00.0000 Notwendig Skype™ 5.10 Skype Technologies S.A. 08.09.2012 19,4MB 5.10.116 Notwendig TAXMAN 2012 Haufe-Lexware GmbH & Co.KG 28.05.2013 629MB 18.09.00.0004 Notwendig Torchlight JoWooD 17.05.2012 455MB 1.15 Notwendig Vectorworks 2011 Hilfe UNKNOWN 10.09.2011 1.1 Notwendig Waterfox Waterfox Limited 08.07.2013 84,7MB 18.0.1 WEKA VOB-Musterbriefe und -Formulare Stand 10.10 WEKA 07.01.2012 Stand 10.10 Notwendig Winamp Nullsoft, Inc 03.06.2011 5.61 Notwendig Winamp Erkennungs-Plug-in Nullsoft, Inc 03.06.2011 75,0KB 1.0.0.1 Notwendig Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 26.03.2011 5,57MB 15.4.5722.2 unNotwendig WinRAR 4.01 (64-Bit) win.rar GmbH 11.09.2011 4.01.0 Notwendig Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 Intel 26.03.2011 27,5MB 2.0.82.0 Notwendig CCleaner zeigt dieses Lyrics Woofer auch in Autostart, dem Internetexplorer und den geplannten Aufgaben an. ich hab sie alle erstmal deaktiviert. Laut erstelldatum im Lyricyordner existiert dieses Programm seit dem 16.6.13 Ich kann es nur keinem Sinn zuordnen. CCleaner zeigt den 2.7 an weil ich vor der Threaderstellunbg eine Systemwiederherstellung gemacht hatte. Da aus irgendeinem Grund mein CAD Programm nicht mehr funktionierte. Edit: Java läst sich auch nicht aktualisiern darum ist es deaktiviert im Browser |
|
| Themen zu security essentials meldet Maleware |
| .dll, adobe, bho, converter, explorer, fehlermeldung, firefox, flash player, format, helper, home, launch, logfile, maleware, mp3, plug-in, programm, programme, realtek, registry, rundll, scan, security, software, temp, usb, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
