
Pests of all kinds and how to fight them: Trojan Speyeyes and Rogue.Live Security Platinum found

Windows 7

14.12.2012, 19:38   #1
kartoffelken
 

Trojan Speyeyes and Rogue.Live Security Platinum found



Hello!
My friend's laptop has seemed noticeably slower than usual lately, and for a few days it has been showing certain words underlined in some texts which, when clicked, redirected to clickcompare.info.
The whole thing seemed very fishy to me, so after reading up a bit I downloaded Malwarebytes Anti-Malware and ran a quick scan.
Result:
Trojan Speyeyes and Rogue.Live Security Platinum

However, I have no idea at all how to proceed now. I know my way around computers better than my friend does, but really all I know is that it isn't a good idea to simply delete the files.
Somewhere I read something about quarantine, but honestly I didn't even manage that.
So I would be very glad of any help!
Best regards,
kartoffelken

Edit: Reading is educational. I have only just now read the "für alle Hilfesuchenden" thread and have just downloaded Defogger and then OTL. I'm letting it run now and will then post the thingy. I also accidentally clicked "remove" in Malwarebytes. I will post the files shortly.

OTL.txt: OTL Logfile:
Code:
OTL logfile created on: 14.12.2012 19:43:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,48% Memory free
5,99 Gb Paging File | 4,60 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 98,85 Gb Free Space | 44,45% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.14 19:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.12.14 19:39:39 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgui.exe
PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgrsx.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgnsx.exe
PRC - [2012.10.22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgemcx.exe
PRC - [2012.10.22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgcsrvx.exe
PRC - [2012.10.04 16:00:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.14 15:24:48 | 001,210,688 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.10.14 15:24:46 | 001,479,488 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010.05.08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009.08.23 21:41:18 | 001,549,096 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\vpngui.exe
PRC - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009.01.20 09:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.01.20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55dec32c4954532c\stacsv.exe
PRC - [2009.01.20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55dec32c4954532c\AEstSrv.exe
PRC - [2009.01.09 18:46:32 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.09 18:45:26 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.12.23 16:18:20 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.14 19:39:39 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
MOD - [2012.11.17 12:59:45 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d8e7934f5f7b585a06506b3fa400523e\System.Management.ni.dll
MOD - [2012.11.16 17:26:41 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll
MOD - [2012.11.16 17:26:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll
MOD - [2012.11.16 17:25:54 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll
MOD - [2012.11.16 17:25:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll
MOD - [2012.11.16 17:25:43 | 007,973,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll
MOD - [2012.11.16 17:25:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll
MOD - [2012.09.10 16:07:17 | 000,911,872 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\spd__du.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.08.23 21:41:22 | 000,197,424 | ---- | M] () -- C:\Windows\System32\vpnapi.dll
MOD - [2008.09.23 16:21:22 | 000,066,856 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2008.07.29 12:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2007.08.14 12:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2005.09.21 05:57:56 | 004,325,376 | ---- | M] () -- C:\Programme\Cisco Systems\VPN Client\qt-mt335.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.12.12 14:48:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.07 11:10:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.06 00:45:44 | 000,129,536 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV - [2011.10.14 15:24:46 | 001,479,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.01.20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55dec32c4954532c\stacsv.exe -- (STacSV)
SRV - [2009.01.20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55dec32c4954532c\AEstSrv.exe -- (AESTFilters)
SRV - [2008.12.23 16:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.10.22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012.10.15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.10.05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012.10.02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.09.21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.09.21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012.09.21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012.09.14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012.01.04 15:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2011.10.13 16:33:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.06.26 14:34:11 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv07.sys -- (acedrv07)
DRV - [2011.06.26 14:34:11 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv06.sys -- (acedrv06)
DRV - [2011.06.26 14:34:11 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv05.sys -- (acedrv05)
DRV - [2011.06.26 14:34:11 | 000,097,280 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv04.sys -- (acedrv04)
DRV - [2011.06.26 14:34:11 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv03.sys -- (acedrv03)
DRV - [2011.06.26 14:34:11 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv02.sys -- (acedrv02)
DRV - [2011.06.26 14:34:11 | 000,093,696 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv01.sys -- (acedrv01)
DRV - [2010.03.25 09:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 10:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.03.20 09:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.10.09 02:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.23 21:40:32 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.01.20 09:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.01.15 11:13:00 | 007,543,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.12.23 12:47:52 | 000,138,240 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.09.24 17:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {EE97B51A-20F2-4B92-BE28-538D5E0DADA1}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{D4047067-EB80-4A39-AA97-44ABDE46B913}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=117116&tt=261112_yh_4812_3&babsrc=HP_ss&mntrId=7c0d487600000000000000242c2e0a08
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {DB7CC1A8-78F3-448D-AABE-FAE0C189E95E}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{0A129E8B-6420-4C7D-AFE7-D25850B856F6}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=117116&tt=261112_yh_4812_3&babsrc=SP_ss&mntrId=7c0d487600000000000000242c2e0a08
IE - HKCU\..\SearchScopes\{DB7CC1A8-78F3-448D-AABE-FAE0C189E95E}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.rz.uni-osnabrueck.de/proxy/proxy.pac"
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.06 16:06:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 11:10:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 11:10:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 11:10:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 11:10:28 | 000,000,000 | ---D | M]
 
[2012.11.06 16:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.11.27 20:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xn5poxzs.default\extensions
[2012.11.06 16:45:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xn5poxzs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.23 17:58:43 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xn5poxzs.default\extensions\foxyproxy@eric.h.jung
[2012.11.27 19:58:55 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\extensions\freehdsport@freehdsport.tv.xpi
[2012.07.31 12:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\extensions\gophoto@gophoto.it.xpi
[2012.11.13 21:30:24 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.11.17 09:58:54 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\extensions\toolbar@web.de.xpi
[2012.11.23 16:36:26 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.17 09:59:02 | 000,000,911 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\searchplugins\11-suche.xml
[2012.11.17 09:59:02 | 000,002,273 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\searchplugins\englische-ergebnisse.xml
[2012.11.17 09:59:02 | 000,010,563 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\searchplugins\gmx-suche.xml
[2012.11.17 09:59:02 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\searchplugins\lastminute.xml
[2012.11.17 09:59:02 | 000,005,545 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\searchplugins\webde-suche.xml
[2012.12.07 11:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.06 16:06:55 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.12.07 11:10:38 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.20 19:33:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.27 20:04:38 | 000,006,530 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.02 14:06:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.20 19:33:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.20 19:33:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.20 19:33:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.20 19:33:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.delta-search.com/?affID=117116&tt=261112_yh_4812_3&babsrc=HP_ss&mntrId=7c0d487600000000000000242c2e0a08
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.delta-search.com/?affID=117116&tt=261112_yh_4812_3&babsrc=HP_ss&mntrId=7c0d487600000000000000242c2e0a08
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Safe Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Do Not Track = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: GoPhoto.it = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\
 
O1 HOSTS File: ([2012.06.19 21:31:44 | 000,442,859 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15217 more lines...
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &AOL Toolbar-Suche - Reg Error: Value error. File not found
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm File not found
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm File not found
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F9C837D-908C-4871-8CC6-0A4721AAAB56}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C40ECEE-3D94-47FC-BD18-D044AABB47E7}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E202D364-A12F-4650-9393-FDC52DA123F0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{206f0890-2837-11e2-913b-00238bab1061}\Shell - "" = AutoRun
O33 - MountPoints2\{206f0890-2837-11e2-913b-00238bab1061}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{364aab4a-29a2-11e2-bd4c-00238bab1061}\Shell - "" = AutoRun
O33 - MountPoints2\{364aab4a-29a2-11e2-bd4c-00238bab1061}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.14 19:41:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.14 19:11:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.12.14 19:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.14 19:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.14 19:11:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.14 19:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.14 11:13:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Party bei uns
[2012.12.13 22:43:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.12 17:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.12.12 17:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.12.11 18:04:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AVG2013
[2012.12.11 17:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.12.11 17:56:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MFAData
[2012.12.11 17:56:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Avg2013
[2012.12.11 14:06:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.12.07 11:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.27 20:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.11.27 20:04:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon
[2012.11.27 20:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.11.27 20:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\File Scout
[2012.11.27 19:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Gophoto.it
[2012.11.27 19:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATDheNetTVApp.com
[2012.11.15 17:10:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ideensammlung Masterarbeit
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.14 19:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.14 19:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.14 19:40:46 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.12.14 19:39:39 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.12.14 19:16:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.14 16:16:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.14 11:05:03 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.14 11:05:03 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.14 10:57:47 | 000,366,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.14 10:56:45 | 000,000,247 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.12.14 10:52:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.14 10:51:07 | 2413,498,368 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.13 19:30:41 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.13 13:38:01 | 000,009,003 | ---- | M] () -- C:\Users\***\Desktop\Stundenzettel Dezember.odt
[2012.12.11 18:01:51 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.12.11 14:06:03 | 314,490,044 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.11 11:39:30 | 000,682,320 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.11 11:39:30 | 000,639,594 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.11 11:39:30 | 000,142,316 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.11 11:39:30 | 000,116,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.11 08:32:25 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job
[2012.12.10 08:50:03 | 000,008,805 | ---- | M] () -- C:\Users\***\Desktop\Entwurf Fragebogen Masterarbeit_Frank Harloff.pdf
[2012.12.01 19:41:00 | 000,008,460 | ---- | M] () -- C:\Users\***\Desktop\Merkzettel.odt
[2012.12.01 18:14:16 | 000,027,520 | ---- | M] () -- C:\Users\***\AppData\Local\dt.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.14 19:40:46 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.12.14 19:39:36 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.12.11 18:01:51 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.12.11 14:06:03 | 314,490,044 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.10 08:50:02 | 000,008,805 | ---- | C] () -- C:\Users\***\Desktop\Entwurf Fragebogen Masterarbeit_Frank Harloff.pdf
[2012.12.05 19:35:10 | 000,009,003 | ---- | C] () -- C:\Users\***\Desktop\Stundenzettel Dezember.odt
[2012.12.01 18:14:16 | 000,027,520 | ---- | C] () -- C:\Users\***\AppData\Local\dt.dat
[2012.11.27 20:22:32 | 000,093,483 | ---- | C] () -- C:\Users\***\Desktop\vshare-plugin.xpi
[2012.11.26 13:14:44 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFor***.job
[2012.11.15 18:26:18 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 18:13:30 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.12 22:21:49 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2012.11.12 22:21:19 | 000,310,272 | ---- | C] () -- C:\Windows\System32\UPDIO2.dll
[2012.11.12 22:21:18 | 000,024,064 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2012.11.12 22:21:17 | 000,254,464 | ---- | C] () -- C:\Windows\System32\SUPDRun.exe
[2012.11.12 22:21:17 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2012.11.06 18:20:28 | 000,000,247 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2012.11.06 17:34:01 | 000,022,140 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.10.15 11:58:06 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.07.17 12:55:20 | 000,006,855 | ---- | C] () -- C:\Users\***\AppData\Roaming\.freeciv-client-rc-2.2
[2011.06.23 14:22:24 | 000,000,021 | ---- | C] () -- C:\Windows\clofghls.dll
[2011.06.23 14:08:14 | 000,000,052 | ---- | C] () -- C:\Windows\mafosav.INI
[2009.09.22 15:39:52 | 000,000,124 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.06 16:45:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.freeciv
[2012.12.11 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2013
[2012.11.27 20:04:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012.12.08 18:36:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.11.06 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flood Light Games
[2012.11.06 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FloodLightGames
[2012.11.06 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2012.11.06 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\funkitron
[2012.11.06 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.11.06 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jens Lorek
[2012.11.06 16:45:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magic Academy
[2012.11.06 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MysteriousCaseOfJekyllAndHyde
[2012.11.06 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.11.18 19:11:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.11.06 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst
[2012.11.06 16:45:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE Creature Creator
[2012.11.06 16:45:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2012.11.06 16:45:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TubeBox
[2012.11.06 16:45:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extra.txt:OTL Logfile:
Code:
OTL Extras logfile created on: 14.12.2012 19:43:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,48% Memory free
5,99 Gb Paging File | 4,60 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 98,85 Gb Free Space | 44,45% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25C16CEF-643C-43F3-A366-55FFF1F345AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3BD0A003-DEBA-42F3-A535-6B7A4D38BEB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{519F0BDF-006D-4A7A-B39B-9F84517A92D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{53969A2E-3187-4AF4-9619-467D38B4A3C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F84051A-ECBE-4203-A2D7-C67A0FE98A6B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{80AE2D2F-9266-4ACD-A965-77F9DE0792FE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8D718FE1-E2C1-4B82-9C75-D3854F77E6EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9E65708D-7E96-4D4C-9BF4-831CC65544A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AD3B1388-81E7-426D-B5F9-20D50D026D92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AD7832E0-CC0F-4DFE-9684-ACBBBC4E5D72}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA3FDD23-7FE6-4B35-AC7C-E81CCAF803E7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C543D84D-EE27-421D-8D37-4C6A5664E316}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E0BF6D86-3F1B-4FA4-AFCE-A021C165A625}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0941BB9E-BFA2-4692-99A8-71BFFEB11EDD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{0C499CFE-8F58-44ED-B36B-6DC9826197A3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{15857FC3-2CE4-4577-957D-CE84931C6BF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{16B61A5F-B4A3-434B-B6AA-6D2A78492A50}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{1D188C0B-8DCE-4DB4-A12D-3C3F1AA37559}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2F8F67FA-B02F-4FB5-A875-ECFEBF1B8E9A}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{30477E00-E9FC-4369-919D-83B86A82E028}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{415B228E-7BC0-4404-8CC2-F2BE42208C59}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{43B3F5A1-CAC7-4B7E-A697-4F82D0688047}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4A3C9A41-931D-4423-B5CE-03C8ECAC7038}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{4A5159C3-ECF7-450B-A325-15294D3225ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4EF124FA-CECF-40F4-B246-D51274D21B2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5DD9912D-52AC-43A2-917F-33318DC40916}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{672C03A0-8384-439C-8C91-38A05D23944A}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"{67A4103D-0200-4716-B453-F35D98F1D417}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{680AAAA4-E799-47B7-BF08-1EAD97F3F740}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6A796975-6D34-42A4-BDA9-3023E39B5E30}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7BE70267-B1C2-40A0-BB37-14EAD22BAE89}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{870E6236-CC6E-4ABE-AD47-A552A659D1E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8ED344FC-1C05-4C88-A249-AF1EEFCE0933}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{AF78001D-4612-4970-8BD6-C271B723A30D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{BC6F1A31-51D8-4388-ADE3-7218113D0A02}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BC8BB9B6-27E6-48DD-87B5-23D8AD8BDDBC}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{BEE31758-B07A-493D-A92F-0E38CDC46622}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"{C48D4C68-81BE-48B5-9764-58089F4D915E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD761528-B5E1-4C35-8F84-F59E36F26186}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D5A1627A-84C0-427E-9844-773F9A48E38D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E168CBF9-69C9-43C5-BB79-0A729BFBA9A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E9ACF33D-B456-4C0D-B183-C788C24525D8}" = protocol=6 | dir=out | app=system | 
"{F5748EB9-181A-42CA-B82F-DCE2DF905AE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F799B461-383F-42B8-8996-8BC7727A769B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{FDB6D39A-34BE-4013-B24B-0C209E07C760}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1889A63C-0602-43DC-85FE-06DA030AB1A5}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{73E25503-2B0B-47A6-8EE0-3DD156AFE037}C:\program files\freeciv-2.2.6-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.2.6-gtk2\freeciv-server.exe | 
"TCP Query User{76B27BEC-9256-4265-BBE1-EE807E93AC87}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{806F77FA-C868-4130-ABB4-4EA87DE2A500}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{8D6F5F05-5BC3-463A-A200-5C2F3EBF5B98}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{980902AA-20C7-49D0-809F-F18C806C237F}C:\program files\freeciv-2.2.6-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.2.6-gtk2\freeciv-server.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3332A615-7171-4545-9012-3D0AEB693CB9}" = .NET Utilities
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F5CC15D-BA72-431B-A676-0FE5F2513178}" = AVG 2013
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audiograbber" = Audiograbber 1.83 SE 
"AVG" = AVG 2013
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Freeciv-2.2.6-gtk2" = Freeciv 2.2.6 (GTK+ client)
"Google Chrome" = Google Chrome
"GridinSoft Trojan Killer" = Trojan Killer
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.0.3
"vShare" = vShare Plugin
"WildTangent hp Master Uninstall" = HP Games
"WinRAR archiver" = WinRAR
"WT078861" = Women's Murder Club - Twice in a Blue Moon
"WTA-5fb6bd6e-f398-42c4-82ec-20a1ddd55b9c" = The Mysterious Case of Dr. Jekyll and Mr. Hyde
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"pdfsam" = pdfsam
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.05.2012 04:31:54 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Error - 04.05.2012 09:51:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
 
Description = 
Error - 04.05.2012 09:51:36 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
 
Description = 
Error - 05.05.2012 04:29:05 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
 
Description = 
Error - 05.05.2012 04:29:15 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
 
Description = 
Error - 06.05.2012 03:21:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
 
Description = 
Error - 06.05.2012 03:21:21 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
 
Description = 
Error - 07.05.2012 02:07:44 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
 
Description = 
Error - 07.05.2012 02:07:54 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
 
Description = 
Error - 07.05.2012 06:41:38 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
 
Description = 
Error - 07.05.2012 06:41:57 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
 
Description = 
Error - 08.05.2012 01:13:38 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
 
Description = 
Error - 08.05.2012 01:13:47 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
 
Description = 
Error - 08.05.2012 08:08:24 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
 
Description = 
Error - 08.05.2012 08:08:24 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
 
Description = 
 
Error encountered while reading event logs.
 
< End of report >
         
--- --- ---

GMER hangs every time "Device/harddiskvolumeshadowcopy3" is shown at the bottom.

Last edited by kartoffelken (14.12.2012 at 20:18)

14.12.2012, 20:16   #2
markusg
/// Malware-holic

Hi
and why don't you post the Malwarebytes log for us, how are we supposed to evaluate it? :-)
http://www.trojaner-board.de/125889-...en-posten.html

14.12.2012, 20:19   #3
kartoffelken

Oh dear, I didn't know that existed. Now that GMER has crashed several times, I'll restart the PC and then see what I can do!

14.12.2012, 20:27   #4
markusg
/// Malware-holic

Hi, the log is actually opened automatically at the end
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us

14.12.2012, 20:31   #5
kartoffelken

Found it.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.14.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
*** :: ***-PC [Administrator]

14.12.2012 19:12:06
mbam-log-2012-12-14 (19-12-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201866
Laufzeit: 9 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


14.12.2012, 20:33   #6
markusg
/// Malware-holic

Aloha,
download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then on Start scan
- for any detections choose skip for now, post the log
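The scan configured in the steps above (SigCheck and TDLFS enabled) writes a log in the layout posted further down in the thread. As an added example, not part of the thread or of TDSSKiller itself, this Python script parses that layout and lists every object the scanner did not mark ok, with hash and path, which is the first thing a helper checks before deciding on skip or delete; the sample lines are constructed in the same format.

```python
"""Triage helper for TDSSKiller scan logs (added example, not TDSSKiller code).

Parses the log layout posted in the thread: an entry line with the file hash,
    <hh:mm:ss.ffff> <pid> [ <MD5> ] <name> <drive>:\<path>
followed by one or more status lines,
    <ts> <pid> <name> - ok
    <ts> <pid> <name> ( <reason> ) - warning
    <ts> <pid> <name> - detected <verdict> (<n>)
and returns everything the scanner did not mark ok, most serious first.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Entry line; the name may contain spaces, so it is matched lazily up to the path.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# Status line in any of the three forms listed in the docstring.
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)"
    r"(?:\s+\(\s*(?P<reason>[^)]+?)\s*\))?\s+-\s+"
    r"(?P<status>ok|warning|detected)(?:\s+(?P<verdict>\S+)\s*\((?P<count>\d+)\))?$"
)
# "detected" outranks "warning", which outranks "ok"; an object keeps its worst status.
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None      # None for objects listed without a file (e.g. COMSysApp)
    path: Optional[str] = None
    status: str = "unknown"
    reasons: List[str] = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> Dict[str, ScanObject]:
    """Build one ScanObject per scanned name from the raw log text."""
    objects: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            obj.md5, obj.path = m["md5"].upper(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue  # banners, separators, "Scan started", ...
        obj = objects.setdefault(m["name"], ScanObject(m["name"]))
        reason = m["reason"] or m["verdict"]
        if reason and reason not in obj.reasons:
            obj.reasons.append(reason)
        if RANK[m["status"]] > RANK[obj.status]:
            obj.status = m["status"]
    return objects


def triage(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Everything not marked ok, most serious first, then by name."""
    order = {"detected": 0, "warning": 1, "unknown": 2}
    return sorted(
        (o for o in objects.values() if o.status != "ok"),
        key=lambda o: (order[o.status], o.name.lower()),
    )


# Constructed sample in the layout of the posted log (a handful of lines, not the full scan).
SAMPLE_LOG = """\
20:39:18.0373 5600 Scan started
20:39:18.0373 5600 Mode: Manual; SigCheck; TDLFS;
20:39:21.0384 5600 System memory - ok
20:39:22.0476 5600 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
20:39:22.0600 5600 1394ohci - ok
20:39:22.0912 5600 [ 9AD3AC19F5A9968DB4297C4319D7CDDB ] acedrv01 C:\\Windows\\system32\\drivers\\acedrv01.sys
20:39:22.0975 5600 acedrv01 ( UnsignedFile.Multi.Generic ) - warning
20:39:22.0975 5600 acedrv01 - detected UnsignedFile.Multi.Generic (1)
20:39:34.0550 5600 COMSysApp - ok
20:39:42.0303 5600 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\\Program Files\\Hewlett-Packard\\HP Health Check\\hphc_service.exe
20:39:42.0334 5600 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
20:39:42.0334 5600 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    # UnsignedFile.Multi.Generic only means the file carries no valid digital
    # signature (SigCheck was enabled); it is a review item, not a verdict by itself.
    for o in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{o.status:<9} {o.name:<25} {o.md5 or '-':<32} {o.path or '-'}")
```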

14.12.2012, 20:42   #7
kartoffelken

20:38:52.0586 4328 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:38:52.0867 4328 ============================================================
20:38:52.0867 4328 Current date / time: 2012/12/14 20:38:52.0867
20:38:52.0867 4328 SystemInfo:
20:38:52.0867 4328
20:38:52.0867 4328 OS Version: 6.1.7600 ServicePack: 0.0
20:38:52.0867 4328 Product type: Workstation
20:38:52.0867 4328 ComputerName: FRANKIE-PC
20:38:52.0867 4328 UserName: Frankie
20:38:52.0867 4328 Windows directory: C:\Windows
20:38:52.0867 4328 System windows directory: C:\Windows
20:38:52.0867 4328 Processor architecture: Intel x86
20:38:52.0867 4328 Number of processors: 2
20:38:52.0867 4328 Page size: 0x1000
20:38:52.0867 4328 Boot type: Normal boot
20:38:52.0867 4328 ============================================================
20:38:56.0049 4328 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:38:56.0049 4328 ============================================================
20:38:56.0049 4328 \Device\Harddisk0\DR0:
20:38:56.0049 4328 MBR partitions:
20:38:56.0049 4328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BCD4800
20:38:56.0049 4328 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BCD5000, BlocksNum 0x14EF000
20:38:56.0049 4328 ============================================================
20:38:56.0221 4328 C: <-> \Device\Harddisk0\DR0\Partition1
20:38:56.0299 4328 D: <-> \Device\Harddisk0\DR0\Partition2
20:38:56.0299 4328 ============================================================
20:38:56.0299 4328 Initialize success
20:38:56.0299 4328 ============================================================
20:39:18.0373 5600 ============================================================
20:39:18.0373 5600 Scan started
20:39:18.0373 5600 Mode: Manual; SigCheck; TDLFS;
20:39:18.0373 5600 ============================================================
20:39:21.0384 5600 ================ Scan system memory ========================
20:39:21.0384 5600 System memory - ok
20:39:21.0384 5600 ================ Scan services =============================
20:39:22.0476 5600 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:39:22.0600 5600 1394ohci - ok
20:39:22.0912 5600 [ 9AD3AC19F5A9968DB4297C4319D7CDDB ] acedrv01 C:\Windows\system32\drivers\acedrv01.sys
20:39:22.0975 5600 acedrv01 ( UnsignedFile.Multi.Generic ) - warning
20:39:22.0975 5600 acedrv01 - detected UnsignedFile.Multi.Generic (1)
20:39:23.0037 5600 [ E00A398C09A6515769A4BC39E91064EB ] acedrv02 C:\Windows\system32\drivers\acedrv02.sys
20:39:23.0131 5600 acedrv02 ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0131 5600 acedrv02 - detected UnsignedFile.Multi.Generic (1)
20:39:23.0178 5600 [ 903DE75450A5CC4B26C3D33E3A64FC58 ] acedrv03 C:\Windows\system32\drivers\acedrv03.sys
20:39:23.0240 5600 acedrv03 ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0240 5600 acedrv03 - detected UnsignedFile.Multi.Generic (1)
20:39:23.0349 5600 [ 2D838D7CE9B7CDAFDEC7ED43CC99FA1E ] acedrv04 C:\Windows\system32\drivers\acedrv04.sys
20:39:23.0474 5600 acedrv04 ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0474 5600 acedrv04 - detected UnsignedFile.Multi.Generic (1)
20:39:23.0521 5600 [ 0A1E97197609F92D2425B67DA0BB0A7F ] acedrv05 C:\Windows\system32\drivers\acedrv05.sys
20:39:23.0614 5600 acedrv05 ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0614 5600 acedrv05 - detected UnsignedFile.Multi.Generic (1)
20:39:23.0708 5600 [ 44010948BDE6ADE50DD1386657C73E83 ] acedrv06 C:\Windows\system32\drivers\acedrv06.sys
20:39:23.0786 5600 acedrv06 ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0786 5600 acedrv06 - detected UnsignedFile.Multi.Generic (1)
20:39:23.0833 5600 [ 4E5451DD0AEC8504D7F8030DD2D4C416 ] acedrv07 C:\Windows\system32\drivers\acedrv07.sys
20:39:23.0895 5600 acedrv07 ( UnsignedFile.Multi.Generic ) - warning
20:39:23.0895 5600 acedrv07 - detected UnsignedFile.Multi.Generic (1)
20:39:23.0989 5600 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
20:39:24.0036 5600 ACPI - ok
20:39:24.0051 5600 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
20:39:24.0114 5600 AcpiPmi - ok
20:39:24.0472 5600 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:39:24.0504 5600 AdobeARMservice - ok
20:39:24.0628 5600 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:39:24.0660 5600 AdobeFlashPlayerUpdateSvc - ok
20:39:24.0722 5600 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:39:24.0753 5600 adp94xx - ok
20:39:24.0784 5600 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:39:24.0816 5600 adpahci - ok
20:39:24.0816 5600 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:39:24.0847 5600 adpu320 - ok
20:39:24.0878 5600 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:39:24.0925 5600 AeLookupSvc - ok
20:39:25.0143 5600 [ 087B04CA45E2F059A55709B0B8F95EA9 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55dec32c4954532c\aestsrv.exe
20:39:25.0221 5600 AESTFilters - ok
20:39:25.0377 5600 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
20:39:25.0611 5600 AFD - ok
20:39:25.0845 5600 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
20:39:25.0876 5600 agp440 - ok
20:39:26.0095 5600 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
20:39:26.0126 5600 aic78xx - ok
20:39:26.0204 5600 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
20:39:26.0251 5600 ALG - ok
20:39:26.0251 5600 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
20:39:26.0282 5600 aliide - ok
20:39:26.0282 5600 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
20:39:26.0298 5600 amdagp - ok
20:39:26.0313 5600 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
20:39:26.0329 5600 amdide - ok
20:39:26.0360 5600 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:39:26.0391 5600 AmdK8 - ok
20:39:26.0407 5600 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:39:26.0422 5600 AmdPPM - ok
20:39:26.0485 5600 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:39:26.0500 5600 amdsata - ok
20:39:26.0532 5600 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:39:26.0547 5600 amdsbs - ok
20:39:26.0610 5600 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:39:26.0641 5600 amdxata - ok
20:39:26.0781 5600 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
20:39:26.0828 5600 AppID - ok
20:39:26.0875 5600 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:39:26.0906 5600 AppIDSvc - ok
20:39:26.0922 5600 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
20:39:27.0015 5600 Appinfo - ok
20:39:27.0031 5600 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:39:27.0046 5600 arc - ok
20:39:27.0078 5600 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:39:27.0109 5600 arcsas - ok
20:39:27.0546 5600 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:39:27.0577 5600 aspnet_state - ok
20:39:27.0608 5600 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:39:27.0670 5600 AsyncMac - ok
20:39:27.0717 5600 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
20:39:27.0748 5600 atapi - ok
20:39:27.0951 5600 [ 614A60AEE03A6151FDCBAC295854A9CB ] athr C:\Windows\system32\DRIVERS\athr.sys
20:39:28.0232 5600 athr - ok
20:39:28.0341 5600 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:39:28.0419 5600 AudioEndpointBuilder - ok
20:39:28.0435 5600 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:39:28.0466 5600 Audiosrv - ok
20:39:28.0965 5600 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
20:39:29.0059 5600 AVGIDSAgent - ok
20:39:29.0106 5600 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
20:39:29.0121 5600 AVGIDSDriver - ok
20:39:29.0230 5600 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
20:39:29.0262 5600 AVGIDSHX - ok
20:39:29.0371 5600 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
20:39:29.0386 5600 AVGIDSShim - ok
20:39:29.0402 5600 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
20:39:29.0418 5600 Avgldx86 - ok
20:39:29.0433 5600 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
20:39:29.0449 5600 Avglogx - ok
20:39:29.0511 5600 [ 6C7C00B8DD22B4343B47FED148387057 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
20:39:29.0527 5600 Avgmfx86 - ok
20:39:29.0589 5600 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
20:39:29.0605 5600 Avgrkx86 - ok
20:39:29.0667 5600 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
20:39:29.0698 5600 Avgtdix - ok
20:39:30.0026 5600 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
20:39:30.0057 5600 avgwd - ok
20:39:30.0229 5600 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:39:30.0338 5600 AxInstSV - ok
20:39:30.0432 5600 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
20:39:30.0478 5600 b06bdrv - ok
20:39:30.0510 5600 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:39:30.0588 5600 b57nd60x - ok
20:39:30.0650 5600 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
20:39:30.0681 5600 BDESVC - ok
20:39:30.0681 5600 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
20:39:30.0744 5600 Beep - ok
20:39:30.0790 5600 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
20:39:30.0837 5600 BFE - ok
20:39:30.0900 5600 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
20:39:30.0978 5600 BITS - ok
20:39:30.0993 5600 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:39:31.0024 5600 blbdrive - ok
20:39:31.0274 5600 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:39:31.0461 5600 bowser - ok
20:39:31.0477 5600 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:39:31.0570 5600 BrFiltLo - ok
20:39:31.0586 5600 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:39:31.0617 5600 BrFiltUp - ok
20:39:31.0726 5600 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
20:39:31.0773 5600 Browser - ok
20:39:31.0851 5600 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:39:32.0054 5600 Brserid - ok
20:39:32.0070 5600 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:39:32.0101 5600 BrSerWdm - ok
20:39:32.0116 5600 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:39:32.0148 5600 BrUsbMdm - ok
20:39:32.0148 5600 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:39:32.0179 5600 BrUsbSer - ok
20:39:32.0179 5600 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:39:32.0226 5600 BTHMODEM - ok
20:39:32.0304 5600 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
20:39:32.0382 5600 bthserv - ok
20:39:32.0413 5600 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:39:32.0460 5600 cdfs - ok
20:39:32.0506 5600 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:39:32.0538 5600 cdrom - ok
20:39:32.0631 5600 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
20:39:32.0678 5600 CertPropSvc - ok
20:39:32.0725 5600 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:39:32.0772 5600 circlass - ok
20:39:32.0818 5600 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
20:39:32.0834 5600 CLFS - ok
20:39:32.0959 5600 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:39:32.0990 5600 clr_optimization_v2.0.50727_32 - ok
20:39:33.0193 5600 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:39:33.0427 5600 clr_optimization_v4.0.30319_32 - ok
20:39:33.0458 5600 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:39:33.0505 5600 CmBatt - ok
20:39:33.0520 5600 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
20:39:33.0536 5600 cmdide - ok
20:39:33.0739 5600 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
20:39:33.0786 5600 CNG - ok
20:39:34.0207 5600 [ 2F27104F5D6ED63FDAC38CACB9D19DFD ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
20:39:34.0238 5600 Com4QLBEx - ok
20:39:34.0441 5600 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:39:34.0456 5600 Compbatt - ok
20:39:34.0472 5600 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:39:34.0534 5600 CompositeBus - ok
20:39:34.0550 5600 COMSysApp - ok
20:39:34.0550 5600 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:39:34.0566 5600 crcdisk - ok
20:39:34.0706 5600 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:39:34.0800 5600 CryptSvc - ok
20:39:35.0065 5600 [ EA4300E53E5D4D1912AD04985F6264F0 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
20:39:35.0096 5600 CVPND - ok
20:39:35.0299 5600 [ 34C345AAF390C12AE6E51B75198E8564 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
20:39:35.0346 5600 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
20:39:35.0346 5600 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
20:39:35.0408 5600 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
20:39:35.0470 5600 DcomLaunch - ok
20:39:35.0829 5600 [ CC8B5C964B777F4EC3E89F13B4B5FF0F ] DCService.exe C:\ProgramData\DatacardService\DCService.exe
20:39:35.0845 5600 DCService.exe ( UnsignedFile.Multi.Generic ) - warning
20:39:35.0845 5600 DCService.exe - detected UnsignedFile.Multi.Generic (1)
20:39:35.0923 5600 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:39:36.0001 5600 defragsvc - ok
20:39:36.0094 5600 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:39:36.0172 5600 DfsC - ok
20:39:36.0219 5600 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:39:36.0266 5600 Dhcp - ok
20:39:36.0282 5600 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
20:39:36.0313 5600 discache - ok
20:39:36.0375 5600 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:39:36.0391 5600 Disk - ok
20:39:36.0594 5600 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:39:36.0656 5600 Dnscache - ok
20:39:36.0718 5600 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
20:39:36.0781 5600 dot3svc - ok
20:39:36.0812 5600 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
20:39:36.0843 5600 DPS - ok
20:39:36.0937 5600 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:39:36.0968 5600 drmkaud - ok
20:39:37.0093 5600 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:39:37.0124 5600 DXGKrnl - ok
20:39:37.0171 5600 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
20:39:37.0218 5600 EapHost - ok
20:39:37.0405 5600 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
20:39:37.0483 5600 ebdrv - ok
20:39:37.0592 5600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
20:39:37.0670 5600 EFS - ok
20:39:38.0107 5600 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:39:38.0216 5600 ehRecvr - ok
20:39:38.0247 5600 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
20:39:38.0325 5600 ehSched - ok
20:39:38.0419 5600 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:39:38.0466 5600 elxstor - ok
20:39:38.0466 5600 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
20:39:38.0497 5600 ErrDev - ok
20:39:38.0590 5600 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
20:39:38.0653 5600 EventSystem - ok
20:39:38.0871 5600 [ 921878114F48949CFAE9ABE6FC4C4CC3 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
20:39:38.0934 5600 ewusbnet - ok
20:39:38.0965 5600 [ E98A64C7F106740A38FB2B78197816F8 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
20:39:39.0012 5600 ew_hwusbdev - ok
20:39:39.0027 5600 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
20:39:39.0074 5600 exfat - ok
20:39:39.0121 5600 [ 42F721C52EEF2D6DF9372A53813A83EF ] ezSharedSvc C:\Windows\System32\ezsvc7.dll
20:39:39.0183 5600 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
20:39:39.0183 5600 ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
20:39:39.0199 5600 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:39:39.0246 5600 fastfat - ok
20:39:39.0324 5600 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
20:39:39.0386 5600 Fax - ok
20:39:39.0433 5600 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:39:39.0480 5600 fdc - ok
20:39:39.0526 5600 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
20:39:39.0558 5600 fdPHost - ok
20:39:39.0604 5600 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
20:39:39.0667 5600 FDResPub - ok
20:39:39.0667 5600 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:39:39.0682 5600 FileInfo - ok
20:39:39.0698 5600 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:39:39.0745 5600 Filetrace - ok
20:39:39.0745 5600 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:39:39.0776 5600 flpydisk - ok
20:39:39.0807 5600 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:39:39.0823 5600 FltMgr - ok
20:39:39.0885 5600 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
20:39:39.0932 5600 FontCache - ok
20:39:40.0291 5600 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:39:40.0322 5600 FontCache3.0.0.0 - ok
20:39:40.0322 5600 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:39:40.0353 5600 FsDepends - ok
20:39:40.0447 5600 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:39:40.0462 5600 Fs_Rec - ok
20:39:40.0618 5600 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:39:40.0650 5600 fvevol - ok
20:39:40.0774 5600 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:39:40.0806 5600 gagp30kx - ok
20:39:40.0915 5600 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
20:39:40.0946 5600 GamesAppService - ok
20:39:41.0024 5600 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
20:39:41.0071 5600 gpsvc - ok
20:39:41.0133 5600 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:39:41.0164 5600 gupdate - ok
20:39:41.0180 5600 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:39:41.0196 5600 gupdatem - ok
20:39:41.0227 5600 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:39:41.0258 5600 hcw85cir - ok
20:39:41.0274 5600 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:39:41.0320 5600 HDAudBus - ok
20:39:41.0352 5600 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:39:41.0398 5600 HidBatt - ok
20:39:41.0398 5600 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:39:41.0430 5600 HidBth - ok
20:39:41.0445 5600 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:39:41.0476 5600 HidIr - ok
20:39:41.0492 5600 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
20:39:41.0554 5600 hidserv - ok
20:39:41.0851 5600 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:39:41.0913 5600 HidUsb - ok
20:39:41.0944 5600 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:39:41.0976 5600 hkmsvc - ok
20:39:42.0022 5600 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:39:42.0085 5600 HomeGroupListener - ok
20:39:42.0147 5600 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:39:42.0194 5600 HomeGroupProvider - ok
20:39:42.0303 5600 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
20:39:42.0334 5600 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
20:39:42.0334 5600 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
20:39:42.0412 5600 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
20:39:42.0475 5600 HpqKbFiltr - ok
20:39:42.0724 5600 [ 188FF0ADF66768D53AD94F43972E1E9A ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
20:39:42.0834 5600 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
20:39:42.0834 5600 hpqwmiex - detected UnsignedFile.Multi.Generic (1)
20:39:42.0912 5600 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
20:39:42.0958 5600 HpSAMD - ok
20:39:42.0990 5600 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:39:43.0083 5600 HTTP - ok
20:39:43.0114 5600 [ 0B3957226EC94B1ECB7B9348BB535A23 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:39:43.0161 5600 hwdatacard - ok
20:39:43.0161 5600 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:39:43.0177 5600 hwpolicy - ok
20:39:43.0192 5600 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:39:43.0224 5600 i8042prt - ok
20:39:43.0286 5600 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:39:43.0333 5600 iaStorV - ok
20:39:43.0473 5600 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:39:43.0520 5600 idsvc - ok
20:39:43.0567 5600 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:39:43.0582 5600 iirsp - ok
20:39:43.0660 5600 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
20:39:43.0770 5600 IKEEXT - ok
20:39:43.0785 5600 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
20:39:43.0801 5600 intelide - ok
20:39:43.0816 5600 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:39:43.0848 5600 intelppm - ok
20:39:43.0879 5600 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:39:43.0926 5600 IPBusEnum - ok
20:39:43.0941 5600 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:39:43.0972 5600 IpFilterDriver - ok
20:39:44.0035 5600 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:39:44.0113 5600 iphlpsvc - ok
20:39:44.0160 5600 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:39:44.0222 5600 IPMIDRV - ok
20:39:44.0238 5600 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:39:44.0269 5600 IPNAT - ok
20:39:44.0284 5600 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:39:44.0300 5600 IRENUM - ok
20:39:44.0316 5600 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
20:39:44.0331 5600 isapnp - ok
20:39:44.0394 5600 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:39:44.0456 5600 iScsiPrt - ok
20:39:44.0487 5600 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:39:44.0503 5600 kbdclass - ok
20:39:44.0518 5600 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:39:44.0550 5600 kbdhid - ok
20:39:44.0581 5600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
20:39:44.0596 5600 KeyIso - ok
20:39:44.0706 5600 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:39:44.0737 5600 KSecDD - ok
20:39:44.0830 5600 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:39:44.0862 5600 KSecPkg - ok
20:39:45.0049 5600 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:39:45.0127 5600 KtmRm - ok
20:39:45.0205 5600 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll
20:39:45.0267 5600 LanmanServer - ok
20:39:45.0330 5600 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:39:45.0376 5600 LanmanWorkstation - ok
20:39:45.0532 5600 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:39:45.0720 5600 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:39:45.0720 5600 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:39:45.0751 5600 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:39:45.0798 5600 lltdio - ok
20:39:45.0876 5600 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:39:45.0922 5600 lltdsvc - ok
20:39:45.0922 5600 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:39:45.0985 5600 lmhosts - ok
20:39:46.0016 5600 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:39:46.0032 5600 LSI_FC - ok
20:39:46.0047 5600 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:39:46.0063 5600 LSI_SAS - ok
20:39:46.0078 5600 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:39:46.0094 5600 LSI_SAS2 - ok
20:39:46.0110 5600 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:39:46.0125 5600 LSI_SCSI - ok
20:39:46.0141 5600 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:39:46.0188 5600 luafv - ok
20:39:46.0484 5600 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys
20:39:46.0500 5600 MBAMSwissArmy - ok
20:39:46.0593 5600 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:39:46.0656 5600 Mcx2Svc - ok
20:39:46.0687 5600 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:39:46.0718 5600 megasas - ok
20:39:46.0765 5600 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:39:46.0780 5600 MegaSR - ok
20:39:46.0843 5600 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:39:46.0890 5600 MMCSS - ok
20:39:46.0905 5600 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:39:46.0952 5600 Modem - ok
20:39:46.0968 5600 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:39:46.0999 5600 monitor - ok
20:39:47.0030 5600 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:39:47.0046 5600 mouclass - ok
20:39:47.0046 5600 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:39:47.0077 5600 mouhid - ok
20:39:47.0092 5600 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:39:47.0108 5600 mountmgr - ok
20:39:47.0233 5600 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:39:47.0264 5600 MozillaMaintenance - ok
20:39:47.0280 5600 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
20:39:47.0295 5600 mpio - ok
20:39:47.0311 5600 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:39:47.0342 5600 mpsdrv - ok
20:39:47.0373 5600 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
20:39:47.0404 5600 MpsSvc - ok
20:39:47.0420 5600 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:39:47.0436 5600 MRxDAV - ok
20:39:47.0716 5600 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:39:47.0779 5600 mrxsmb - ok
20:39:47.0935 5600 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:39:48.0138 5600 mrxsmb10 - ok
20:39:48.0169 5600 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:39:48.0184 5600 mrxsmb20 - ok
20:39:48.0216 5600 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
20:39:48.0231 5600 msahci - ok
20:39:48.0247 5600 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
20:39:48.0262 5600 msdsm - ok
20:39:48.0294 5600 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:39:48.0325 5600 MSDTC - ok
20:39:48.0340 5600 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:39:48.0403 5600 Msfs - ok
20:39:48.0403 5600 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:39:48.0434 5600 mshidkmdf - ok
20:39:48.0450 5600 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
20:39:48.0465 5600 msisadrv - ok
20:39:48.0528 5600 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:39:48.0574 5600 MSiSCSI - ok
20:39:48.0590 5600 msiserver - ok
20:39:48.0621 5600 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:39:48.0699 5600 MSKSSRV - ok
20:39:48.0715 5600 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:39:48.0746 5600 MSPCLOCK - ok
20:39:48.0762 5600 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:39:48.0793 5600 MSPQM - ok
20:39:48.0809 5600 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:39:48.0824 5600 MsRPC - ok
20:39:48.0824 5600 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:39:48.0855 5600 mssmbios - ok
20:39:48.0855 5600 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:39:48.0887 5600 MSTEE - ok
20:39:48.0887 5600 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:39:48.0918 5600 MTConfig - ok
20:39:48.0918 5600 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:39:48.0933 5600 Mup - ok
20:39:49.0011 5600 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
20:39:49.0058 5600 napagent - ok
20:39:49.0105 5600 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:39:49.0136 5600 NativeWifiP - ok
20:39:49.0167 5600 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:39:49.0199 5600 NDIS - ok
20:39:49.0230 5600 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:39:49.0277 5600 NdisCap - ok
20:39:49.0277 5600 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:39:49.0323 5600 NdisTapi - ok
20:39:49.0339 5600 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:39:49.0401 5600 Ndisuio - ok
20:39:49.0401 5600 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:39:49.0448 5600 NdisWan - ok
20:39:49.0448 5600 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:39:49.0511 5600 NDProxy - ok
20:39:49.0526 5600 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:39:49.0573 5600 NetBIOS - ok
20:39:49.0589 5600 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:39:49.0620 5600 NetBT - ok
20:39:49.0651 5600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
20:39:49.0667 5600 Netlogon - ok
20:39:49.0776 5600 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:39:49.0823 5600 Netman - ok
20:39:49.0854 5600 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:39:49.0901 5600 netprofm - ok
20:39:49.0963 5600 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:39:49.0994 5600 NetTcpPortSharing - ok
20:39:50.0041 5600 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:39:50.0057 5600 nfrd960 - ok
20:39:50.0103 5600 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
20:39:50.0150 5600 NlaSvc - ok
20:39:50.0150 5600 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:39:50.0181 5600 Npfs - ok
20:39:50.0228 5600 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:39:50.0275 5600 nsi - ok
20:39:50.0275 5600 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:39:50.0306 5600 nsiproxy - ok
20:39:50.0415 5600 [ 5126C5402C730C2A953275D8497A4715 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:39:50.0462 5600 Ntfs - ok
20:39:50.0649 5600 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:39:50.0712 5600 Null - ok
20:39:50.0774 5600 [ 723931A765E8CDDF7FFCB42F5A72CE79 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
20:39:50.0805 5600 NVHDA - ok
20:39:51.0195 5600 [ 28F79C7C5CDC1D2167D1EA9245705F8E ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:39:51.0695 5600 nvlddmkm - ok
20:39:51.0773 5600 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:39:51.0804 5600 nvraid - ok
20:39:52.0038 5600 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:39:52.0069 5600 nvstor - ok
20:39:52.0178 5600 [ 31F3ABA02E5531E4B96977BA475EAA31 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:39:52.0209 5600 nvsvc - ok
20:39:52.0241 5600 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
20:39:52.0256 5600 nv_agp - ok
20:39:52.0365 5600 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:39:52.0412 5600 odserv - ok
20:39:52.0428 5600 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:39:52.0459 5600 ohci1394 - ok
20:39:52.0615 5600 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:39:52.0646 5600 ose - ok
20:39:52.0833 5600 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:39:52.0865 5600 p2pimsvc - ok
20:39:52.0958 5600 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:39:52.0989 5600 p2psvc - ok
20:39:53.0067 5600 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:39:53.0114 5600 Parport - ok
20:39:53.0255 5600 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:39:53.0286 5600 partmgr - ok
20:39:53.0286 5600 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:39:53.0348 5600 Parvdm - ok
20:39:53.0364 5600 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:39:53.0442 5600 PcaSvc - ok
20:39:53.0457 5600 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
20:39:53.0473 5600 pci - ok
20:39:53.0473 5600 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
20:39:53.0489 5600 pciide - ok
20:39:53.0520 5600 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:39:53.0535 5600 pcmcia - ok
20:39:53.0535 5600 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:39:53.0551 5600 pcw - ok
20:39:53.0645 5600 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:39:53.0769 5600 PEAUTH - ok
20:39:54.0128 5600 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
20:39:54.0222 5600 pla - ok
20:39:54.0409 5600 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:39:54.0627 5600 PlugPlay - ok
20:39:54.0737 5600 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:39:54.0830 5600 PNRPAutoReg - ok
20:39:54.0939 5600 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:39:54.0971 5600 PNRPsvc - ok
20:39:55.0080 5600 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:39:55.0142 5600 PolicyAgent - ok
20:39:55.0251 5600 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
20:39:55.0298 5600 Power - ok
20:39:55.0485 5600 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:39:55.0563 5600 PptpMiniport - ok
20:39:55.0610 5600 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:39:55.0688 5600 Processor - ok
20:39:55.0844 5600 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
20:39:55.0860 5600 ProfSvc - ok
20:39:55.0875 5600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:39:55.0891 5600 ProtectedStorage - ok
20:39:55.0938 5600 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:39:55.0969 5600 Psched - ok
20:39:56.0141 5600 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:39:56.0203 5600 ql2300 - ok
20:39:56.0312 5600 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:39:56.0343 5600 ql40xx - ok
20:39:56.0406 5600 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:39:56.0437 5600 QWAVE - ok
20:39:56.0453 5600 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:39:56.0484 5600 QWAVEdrv - ok
20:39:56.0499 5600 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:39:56.0531 5600 RasAcd - ok
20:39:56.0562 5600 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:39:56.0609 5600 RasAgileVpn - ok
20:39:56.0640 5600 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:39:56.0687 5600 RasAuto - ok
20:39:56.0718 5600 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:39:56.0765 5600 Rasl2tp - ok
20:39:56.0811 5600 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
20:39:56.0874 5600 RasMan - ok
20:39:56.0874 5600 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:39:56.0921 5600 RasPppoe - ok
20:39:57.0061 5600 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:39:57.0092 5600 RasSstp - ok
20:39:57.0108 5600 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:39:57.0139 5600 rdbss - ok
20:39:57.0155 5600 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:39:57.0170 5600 rdpbus - ok
20:39:57.0170 5600 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:39:57.0311 5600 RDPCDD - ok
20:39:57.0373 5600 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:39:57.0420 5600 RDPENCDD - ok
20:39:57.0420 5600 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:39:57.0513 5600 RDPREFMP - ok
20:39:57.0638 5600 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:39:57.0669 5600 RDPWD - ok
20:39:57.0794 5600 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:39:57.0810 5600 rdyboost - ok
20:39:58.0106 5600 [ 2063D6B51FD874E67502B31A9FDBA685 ] Recovery Service for Windows C:\Program Files\SMINST\BLService.exe
20:39:58.0137 5600 Recovery Service for Windows - ok
20:39:58.0325 5600 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:39:58.0387 5600 RemoteAccess - ok
20:39:58.0481 5600 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:39:58.0527 5600 RemoteRegistry - ok
20:39:58.0668 5600 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
20:39:58.0699 5600 RichVideo - ok
20:39:58.0777 5600 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:39:58.0839 5600 RpcEptMapper - ok
20:39:58.0886 5600 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:39:58.0933 5600 RpcLocator - ok
20:39:58.0964 5600 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
20:39:58.0995 5600 RpcSs - ok
20:39:59.0151 5600 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:39:59.0245 5600 rspndr - ok
20:39:59.0370 5600 [ 5163F804256DEB8CF1EF64B780A18CAA ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
20:39:59.0432 5600 RTL8169 - ok
20:39:59.0541 5600 [ 2B7DA5A2D2C4AAE01098D910007EDAC5 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
20:39:59.0573 5600 RTSTOR - ok
20:39:59.0619 5600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
20:39:59.0651 5600 SamSs - ok
20:39:59.0744 5600 [ E17FE33C703FFBE1A0AF66B9DCF49345 ] Samsung UPD Service2 C:\Windows\System32\SUPDSvc2.exe
20:39:59.0775 5600 Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - warning
20:39:59.0775 5600 Samsung UPD Service2 - detected UnsignedFile.Multi.Generic (1)
20:39:59.0822 5600 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
20:39:59.0838 5600 sbp2port - ok
20:40:00.0384 5600 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
20:40:00.0446 5600 SBSDWSCService - ok
20:40:00.0618 5600 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:40:00.0680 5600 SCardSvr - ok
20:40:00.0727 5600 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:40:00.0789 5600 scfilter - ok
20:40:01.0023 5600 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
20:40:01.0117 5600 Schedule - ok
20:40:01.0195 5600 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:40:01.0242 5600 SCPolicySvc - ok
20:40:01.0351 5600 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:40:01.0382 5600 SDRSVC - ok
20:40:01.0507 5600 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:40:01.0663 5600 secdrv - ok
20:40:01.0866 5600 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
20:40:02.0115 5600 seclogon - ok
20:40:02.0162 5600 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
20:40:02.0209 5600 SENS - ok
20:40:02.0287 5600 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:40:02.0474 5600 SensrSvc - ok
20:40:02.0537 5600 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:40:02.0677 5600 Serenum - ok
20:40:02.0942 5600 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:40:02.0973 5600 Serial - ok
20:40:02.0973 5600 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:40:02.0989 5600 sermouse - ok
20:40:03.0051 5600 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
20:40:03.0114 5600 SessionEnv - ok
20:40:03.0114 5600 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
20:40:03.0161 5600 sffdisk - ok
20:40:03.0207 5600 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:40:03.0270 5600 sffp_mmc - ok
20:40:03.0285 5600 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
20:40:03.0395 5600 sffp_sd - ok
20:40:03.0582 5600 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:40:03.0738 5600 sfloppy - ok
20:40:03.0831 5600 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:40:03.0894 5600 SharedAccess - ok
20:40:03.0956 5600 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:40:04.0003 5600 ShellHWDetection - ok
20:40:04.0019 5600 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
20:40:04.0034 5600 sisagp - ok
20:40:04.0050 5600 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:40:04.0065 5600 SiSRaid2 - ok
20:40:04.0190 5600 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:40:04.0221 5600 SiSRaid4 - ok
20:40:04.0346 5600 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:40:04.0377 5600 SkypeUpdate - ok
20:40:04.0409 5600 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:40:04.0455 5600 Smb - ok
20:40:04.0518 5600 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:40:04.0565 5600 SNMPTRAP - ok
20:40:04.0565 5600 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:40:04.0580 5600 spldr - ok
20:40:04.0721 5600 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
20:40:04.0908 5600 Spooler - ok
20:40:05.0064 5600 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
20:40:05.0142 5600 sppsvc - ok
20:40:05.0157 5600 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:40:05.0220 5600 sppuinotify - ok
20:40:05.0298 5600 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:40:05.0516 5600 srv - ok
20:40:05.0641 5600 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:40:05.0672 5600 srv2 - ok
20:40:05.0766 5600 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:40:05.0797 5600 srvnet - ok
20:40:05.0906 5600 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:40:05.0969 5600 SSDPSRV - ok
20:40:06.0000 5600 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:40:06.0031 5600 SstpSvc - ok
20:40:06.0203 5600 [ B56EE2666F0B6019B6206FB3664BAF03 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55dec32c4954532c\STacSV.exe
20:40:06.0234 5600 STacSV - ok
20:40:06.0312 5600 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:40:06.0343 5600 stexstor - ok
20:40:06.0452 5600 [ 5D09E4934BC269C93EBE7C96E34AA8EE ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
20:40:06.0499 5600 STHDA - ok
20:40:06.0639 5600 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
20:40:06.0811 5600 StiSvc - ok
20:40:06.0858 5600 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:40:06.0889 5600 swenum - ok
20:40:06.0983 5600 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
20:40:07.0029 5600 swprv - ok
20:40:07.0123 5600 [ AEE6E411A915F50101895BA8DC5C15D4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:40:07.0154 5600 SynTP - ok
20:40:07.0217 5600 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
20:40:07.0263 5600 SysMain - ok
20:40:07.0279 5600 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:40:07.0310 5600 TabletInputService - ok
20:40:07.0373 5600 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
20:40:07.0435 5600 TapiSrv - ok
20:40:07.0451 5600 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
20:40:07.0497 5600 TBS - ok
20:40:07.0607 5600 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:40:07.0669 5600 Tcpip - ok
20:40:07.0716 5600 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:40:07.0747 5600 TCPIP6 - ok
20:40:07.0841 5600 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:40:08.0012 5600 tcpipreg - ok
20:40:08.0043 5600 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:40:08.0090 5600 TDPIPE - ok
20:40:08.0168 5600 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:40:08.0215 5600 TDTCP - ok
20:40:08.0262 5600 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:40:08.0324 5600 tdx - ok
20:40:08.0465 5600 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:40:08.0496 5600 TermDD - ok
20:40:08.0652 5600 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
20:40:08.0730 5600 TermService - ok
20:40:08.0777 5600 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
20:40:08.0792 5600 Themes - ok
20:40:08.0808 5600 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
20:40:08.0839 5600 THREADORDER - ok
20:40:08.0886 5600 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
20:40:08.0933 5600 TrkWks - ok
20:40:09.0089 5600 [ 113384367C3999E084FE156B18C7625E ] TrojanKillerDriver C:\Windows\system32\DRIVERS\gtkdrv.sys
20:40:09.0120 5600 TrojanKillerDriver - ok
20:40:09.0276 5600 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:40:09.0307 5600 TrustedInstaller - ok
20:40:09.0323 5600 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:40:09.0369 5600 tssecsrv - ok
20:40:09.0525 5600 [ 0E704BD455B6B888B6856EEE8F1BBE45 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
20:40:09.0572 5600 TuneUp.UtilitiesSvc - ok
20:40:09.0635 5600 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
20:40:09.0666 5600 TuneUpUtilitiesDrv - ok
20:40:09.0713 5600 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:40:09.0759 5600 tunnel - ok
20:40:09.0853 5600 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:40:09.0884 5600 uagp35 - ok
20:40:09.0884 5600 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:40:10.0056 5600 udfs - ok
20:40:10.0165 5600 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:40:10.0212 5600 UI0Detect - ok
20:40:10.0243 5600 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
20:40:10.0259 5600 uliagpkx - ok
20:40:10.0352 5600 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:40:10.0383 5600 umbus - ok
20:40:10.0446 5600 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:40:10.0493 5600 UmPass - ok
20:40:10.0617 5600 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
20:40:10.0805 5600 upnphost - ok
20:40:10.0961 5600 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:40:11.0054 5600 usbccgp - ok
20:40:11.0179 5600 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
20:40:11.0210 5600 usbcir - ok
20:40:11.0226 5600 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:40:11.0273 5600 usbehci - ok
20:40:11.0429 5600 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:40:11.0460 5600 usbhub - ok
20:40:11.0507 5600 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:40:11.0616 5600 usbohci - ok
20:40:11.0741 5600 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:40:11.0803 5600 usbprint - ok
20:40:11.0803 5600 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:40:11.0881 5600 USBSTOR - ok
20:40:12.0037 5600 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:40:12.0068 5600 usbuhci - ok
20:40:12.0177 5600 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:40:12.0240 5600 usbvideo - ok
20:40:12.0349 5600 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
20:40:12.0489 5600 UxSms - ok
20:40:12.0521 5600 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
20:40:12.0536 5600 VaultSvc - ok
20:40:12.0677 5600 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
20:40:12.0708 5600 vdrvroot - ok
20:40:12.0739 5600 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
20:40:12.0879 5600 vds - ok
20:40:12.0895 5600 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:40:12.0911 5600 vga - ok
20:40:12.0926 5600 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:40:12.0957 5600 VgaSave - ok
20:40:13.0082 5600 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
20:40:13.0113 5600 vhdmp - ok
20:40:13.0238 5600 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
20:40:13.0269 5600 viaagp - ok
20:40:13.0301 5600 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:40:13.0316 5600 ViaC7 - ok
20:40:13.0332 5600 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
20:40:13.0347 5600 viaide - ok
20:40:13.0363 5600 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
20:40:13.0379 5600 volmgr - ok
20:40:13.0457 5600 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:40:13.0503 5600 volmgrx - ok
20:40:13.0550 5600 [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:40:13.0566 5600 volsnap - ok
20:40:13.0800 5600 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:40:13.0847 5600 vsmraid - ok
20:40:14.0127 5600 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
20:40:14.0174 5600 VSS - ok
20:40:14.0190 5600 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:40:14.0299 5600 vwifibus - ok
20:40:14.0361 5600 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:40:14.0408 5600 vwififlt - ok
20:40:14.0424 5600 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
20:40:14.0471 5600 W32Time - ok
20:40:14.0471 5600 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:40:14.0486 5600 WacomPen - ok
20:40:14.0502 5600 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:40:14.0580 5600 WANARP - ok
20:40:14.0580 5600 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:40:14.0611 5600 Wanarpv6 - ok
20:40:14.0783 5600 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
20:40:14.0845 5600 wbengine - ok
20:40:14.0845 5600 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:40:14.0985 5600 WbioSrvc - ok
20:40:15.0126 5600 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:40:15.0173 5600 wcncsvc - ok
20:40:15.0235 5600 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:40:15.0266 5600 WcsPlugInService - ok
20:40:15.0297 5600 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:40:15.0297 5600 Wd - ok
20:40:15.0500 5600 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:40:15.0547 5600 Wdf01000 - ok
20:40:15.0687 5600 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:40:15.0828 5600 WdiServiceHost - ok
20:40:15.0843 5600 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:40:15.0875 5600 WdiSystemHost - ok
20:40:16.0062 5600 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
20:40:16.0187 5600 WebClient - ok
20:40:16.0374 5600 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:40:16.0561 5600 Wecsvc - ok
20:40:16.0717 5600 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:40:16.0920 5600 wercplsupport - ok
20:40:16.0982 5600 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
20:40:17.0013 5600 WerSvc - ok
20:40:17.0154 5600 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:40:17.0294 5600 WfpLwf - ok
20:40:17.0310 5600 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:40:17.0325 5600 WIMMount - ok
20:40:17.0450 5600 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:40:17.0497 5600 WinDefend - ok
20:40:17.0513 5600 WinHttpAutoProxySvc - ok
20:40:17.0700 5600 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:40:17.0778 5600 Winmgmt - ok
20:40:17.0871 5600 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
20:40:17.0949 5600 WinRM - ok
20:40:18.0090 5600 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:40:18.0230 5600 Wlansvc - ok
20:40:18.0308 5600 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:40:18.0433 5600 WmiAcpi - ok
20:40:18.0542 5600 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:40:18.0573 5600 wmiApSrv - ok
20:40:18.0683 5600 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:40:18.0745 5600 WMPNetworkSvc - ok
20:40:18.0807 5600 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:40:18.0839 5600 WPCSvc - ok
20:40:18.0870 5600 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:40:18.0885 5600 WPDBusEnum - ok
20:40:19.0104 5600 WPFFontCache_v0400 - ok
20:40:19.0166 5600 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:40:19.0322 5600 ws2ifsl - ok
20:40:19.0385 5600 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\System32\wscsvc.dll
20:40:19.0431 5600 wscsvc - ok
20:40:19.0431 5600 WSearch - ok
20:40:19.0603 5600 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:40:19.0681 5600 wuauserv - ok
20:40:19.0712 5600 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:40:19.0743 5600 WudfPf - ok
20:40:19.0915 5600 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:40:20.0009 5600 WUDFRd - ok
20:40:20.0087 5600 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:40:20.0133 5600 wudfsvc - ok
20:40:20.0196 5600 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:40:20.0243 5600 WwanSvc - ok
20:40:20.0289 5600 ================ Scan global ===============================
20:40:20.0367 5600 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
20:40:20.0445 5600 [ A9E43C040F405DB689FC29534EF0389B ] C:\Windows\system32\winsrv.dll
20:40:20.0461 5600 [ A9E43C040F405DB689FC29534EF0389B ] C:\Windows\system32\winsrv.dll
20:40:20.0523 5600 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:40:20.0570 5600 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:40:20.0570 5600 [Global] - ok
20:40:20.0570 5600 ================ Scan MBR ==================================
20:40:20.0664 5600 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:40:21.0475 5600 \Device\Harddisk0\DR0 - ok
20:40:21.0475 5600 ================ Scan VBR ==================================
20:40:21.0569 5600 [ B2212B6D86AE4E1B299038273048A0C3 ] \Device\Harddisk0\DR0\Partition1
20:40:21.0569 5600 \Device\Harddisk0\DR0\Partition1 - ok
20:40:21.0615 5600 [ 2139BF53508EA70DB615EB9B671E7DD3 ] \Device\Harddisk0\DR0\Partition2
20:40:21.0615 5600 \Device\Harddisk0\DR0\Partition2 - ok
20:40:21.0615 5600 ============================================================
20:40:21.0615 5600 Scan finished
20:40:21.0615 5600 ============================================================
20:40:21.0631 5568 Detected object count: 14
20:40:21.0631 5568 Actual detected object count: 14
20:40:33.0846 5568 acedrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0846 5568 acedrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0846 5568 acedrv02 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0846 5568 acedrv02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0846 5568 acedrv03 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0846 5568 acedrv03 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0846 5568 acedrv04 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0846 5568 acedrv04 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0846 5568 acedrv05 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0846 5568 acedrv05 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0846 5568 acedrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0846 5568 acedrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0861 5568 acedrv07 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0861 5568 acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0861 5568 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0861 5568 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0861 5568 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0861 5568 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0861 5568 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0861 5568 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0861 5568 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0861 5568 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0861 5568 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0861 5568 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0877 5568 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0877 5568 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0877 5568 Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0877 5568 Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

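The log above ends with 14 UnsignedFile.Multi.Generic hits that were all skipped, while the inventory lines carrying each file's MD5 and path sit hundreds of lines earlier. The following Python script is an added example, not code from the thread or from TDSSKiller: it joins the two so that each skipped detection is listed with its hash and path, checks that the number of verdict lines matches the count the scanner declared (a mismatch means the pasted log was cut off), and returns the skipped files that still need a manual look. SAMPLE_LOG is an excerpt of the posted log plus constructed inventory lines for acedrv01, acedrv02 and HP Health Check Service; the MD5 values and the HP path on those constructed lines are placeholders, and the declared count of 4 belongs to the excerpt, not to the real log's 14.

```python
"""Added example (not part of the forum post or of TDSSKiller): joins a
TDSSKiller log's inventory lines ("[ MD5 ] Name Path") with its verdict
lines ("Name ( Verdict ) - User select action: X") so each detection is
listed with the file it refers to, and checks that the number of verdicts
matches the count the scanner declared.

SAMPLE_LOG is an excerpt of the posted log plus CONSTRUCTED inventory
lines for acedrv01, acedrv02 and HP Health Check Service; the MD5 values
and the HP path on those constructed lines are placeholders."""
import re
from collections import Counter

# "HH:MM:SS.ffff PID [ MD5 ] ServiceName C:\path"  (ServiceName may contain spaces)
INVENTORY_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-F]{32}) \]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$")
# "HH:MM:SS.ffff PID ServiceName ( Verdict ) - User select action: Skip"
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?) \( (?P<verdict>[^ )]+) \) - "
    r"User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"Actual detected object count: (\d+)")

SAMPLE_LOG = r"""
20:40:09.0089 5600 [ 113384367C3999E084FE156B18C7625E ] TrojanKillerDriver C:\Windows\system32\DRIVERS\gtkdrv.sys
20:40:09.0120 5600 TrojanKillerDriver - ok
20:40:09.0200 5600 [ 00000000000000000000000000000001 ] acedrv01 C:\Windows\system32\drivers\acedrv01.sys
20:40:09.0210 5600 [ 00000000000000000000000000000002 ] acedrv02 C:\Windows\system32\drivers\acedrv02.sys
20:40:09.0220 5600 [ 00000000000000000000000000000003 ] HP Health Check Service C:\Program Files\Placeholder\HPHC.exe
20:40:21.0631 5568 Detected object count: 4
20:40:21.0631 5568 Actual detected object count: 4
20:40:33.0846 5568 acedrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0846 5568 acedrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0846 5568 acedrv02 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0846 5568 acedrv02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0861 5568 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0861 5568 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:33.0877 5568 Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:33.0877 5568 Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def parse_tdsskiller(text):
    """Return (inventory {name: (md5, path)}, verdict rows, declared count)."""
    inventory, verdicts, declared = {}, [], None
    for line in text.splitlines():
        m = INVENTORY_RE.match(line)
        if m:
            inventory[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts.append(m.groupdict())
            continue
        m = COUNT_RE.search(line)
        if m:
            declared = int(m.group(1))
    return inventory, verdicts, declared


def triage(text):
    """Join every verdict with the inventory entry of the same service name."""
    inventory, verdicts, declared = parse_tdsskiller(text)
    rows = []
    for v in verdicts:
        md5, path = inventory.get(v["name"], (None, None))   # None: inventory line not in the excerpt
        rows.append({**v, "md5": md5, "path": path})
    return {
        "rows": rows,
        "declared": declared,
        # a mismatch means the log was truncated or the verdict lines were cut off
        "complete": declared is not None and declared == len(rows),
        "by_verdict": Counter(r["verdict"] for r in rows),
    }


def paths_to_check(result):
    """Files the user chose to skip whose location is known: these are the
    ones to verify by hand (signer, vendor, installation date) before
    deciding whether they are benign."""
    return sorted(r["path"] for r in result["rows"]
                  if r["action"] == "Skip" and r["path"])


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for row in summary["rows"]:
        print(row["action"], row["verdict"], row["name"], row["md5"], row["path"])
    print("complete:", summary["complete"], "to check:", paths_to_check(summary))
```

A Skip on UnsignedFile.Multi.Generic only records that the driver carries no digital signature; it is not a malware verdict. The paths this returns are the ones to check by hand (signer, vendor, installation date), not the ones to delete.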
14.12.2012, 20:46   #8
markusg
/// Malware-holic

hi,
combofix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start ComboFix.exe and follow the instructions on screen.

When ComboFix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
just restart the computer. That should fix the problem.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails following the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

14.12.2012, 21:20   #9
kartoffelken

Phew, that took a long time.

Code:
ComboFix 12-12-14.01 - *** 14.12.2012  20:52:44.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3069.2121 [GMT 1:00]
Running from: c:\users\***\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Files Created from 2012-11-14 to 2012-12-14  ))))))))))))))))))))))))))))))
.
.
2012-12-14 20:07 . 2012-12-14 20:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-14 19:59 . 2012-12-14 19:59	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{387F0AED-66B4-41D7-811D-F60B9D94EE41}\offreg.dll
2012-12-14 18:11 . 2012-12-14 18:11	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-12-14 18:11 . 2012-12-14 18:11	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-14 18:11 . 2012-12-14 18:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-12-14 18:11 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-14 13:05 . 2012-11-19 00:04	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{387F0AED-66B4-41D7-811D-F60B9D94EE41}\mpengine.dll
2012-12-13 10:15 . 2012-11-02 04:48	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 16:10 . 2012-12-12 16:10	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-12-11 17:04 . 2012-12-11 17:04	--------	d-----w-	c:\users\***\AppData\Roaming\AVG2013
2012-12-11 16:59 . 2012-12-11 17:02	--------	d-----w-	c:\programdata\AVG2013
2012-12-11 16:56 . 2012-12-11 18:09	--------	d-----w-	c:\users\***\AppData\Local\Avg2013
2012-12-11 16:56 . 2012-12-11 16:56	--------	d-----w-	c:\users\***\AppData\Local\MFAData
2012-11-27 19:04 . 2012-11-27 19:04	--------	d-----w-	c:\programdata\Babylon
2012-11-27 19:04 . 2012-11-27 19:04	--------	d-----w-	c:\users\***\AppData\Roaming\Babylon
2012-11-27 19:04 . 2012-11-27 19:04	--------	d-----w-	c:\programdata\Tarma Installer
2012-11-27 19:03 . 2012-11-27 19:04	--------	d-----w-	c:\program files\File Scout
2012-11-27 18:58 . 2012-11-27 18:58	--------	d-----w-	c:\program files\Gophoto.it
2012-11-27 18:58 . 2012-12-03 07:33	--------	d-----w-	c:\program files\ATDheNetTVApp.com
2012-11-15 17:25 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 17:25 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 17:25 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-15 17:13 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 17:13 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 17:13 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-15 17:13 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-15 17:13 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 17:13 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-15 17:13 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-15 10:32 . 2012-09-25 21:55	78336	----a-w-	c:\windows\system32\synceng.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 13:47 . 2012-06-03 14:24	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-12 13:47 . 2011-09-15 15:05	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-12 16:18 . 2012-11-06 18:48	100453	----a-w-	c:\windows\system32\~.tmp
2012-10-22 12:02 . 2012-10-22 12:02	179936	----a-w-	c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-16 20:34 . 2012-11-28 14:26	559104	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-15 02:48 . 2012-10-15 02:48	55776	----a-w-	c:\windows\system32\drivers\avgidshx.sys
2012-10-12 06:34 . 2012-11-12 17:30	86528	----a-w-	c:\windows\system32\pdfcmon.dll
2012-10-05 02:32 . 2012-10-05 02:32	93536	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 02:30 . 2012-10-02 02:30	159712	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2012-09-21 02:46 . 2012-09-21 02:46	164832	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2012-09-21 02:46 . 2012-09-21 02:46	177376	----a-w-	c:\windows\system32\drivers\avglogx.sys
2012-09-21 02:45 . 2012-09-21 02:45	19936	----a-w-	c:\windows\system32\drivers\avgidsshimx.sys
2012-12-07 10:10 . 2012-12-07 10:10	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 15:58	556056	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 15:58	556056	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 15:58	556056	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 15:58	556056	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-20 483420]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2009-11-17 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe [x]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 acedrv01;acedrv01;c:\windows\system32\drivers\acedrv01.sys [x]
S2 acedrv02;acedrv02;c:\windows\system32\drivers\acedrv02.sys [x]
S2 acedrv03;acedrv03;c:\windows\system32\drivers\acedrv03.sys [x]
S2 acedrv04;acedrv04;c:\windows\system32\drivers\acedrv04.sys [x]
S2 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55dec32c4954532c\aestsrv.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
.
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - 56551791
*Deregistered* - 56551791
*Deregistered* - AVGIDSFilter
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 13:48]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-03 14:52]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-03 14:52]
.
2012-12-11 c:\windows\Tasks\HPCeeScheduleFor***.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-28 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.delta-search.com/?affID=117116&tt=261112_yh_4812_3&babsrc=HP_ss&mntrId=7c0d487600000000000000242c2e0a08
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE: &AOL Toolbar-Suche
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xn5poxzs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-27 19:58; freehdsport@freehdsport.tv; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xn5poxzs.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: !HIDDEN! 2009-10-01 17:54; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 7c0d487600000000000000242c2e0a08
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15671
FF - user.js: extensions.delta.vrsn - 1.8.4.1
FF - user.js: extensions.delta.vrsni - 1.8.4.1
FF - user.js: extensions.delta_i.vrsnTs - 1.8.4.120:04
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta_i.smplGrp - none
FF - user.js: extensions.delta.tlbrId - irhnew
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta_i.excTlbr - false
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-14  21:17:19
ComboFix-quarantined-files.txt  2012-12-14 20:17
.
Before scan: 8 directory(ies), 106.147.463.168 bytes free
After scan: 19 directory(ies), 106.127.507.456 bytes free
.
- - End Of File - - B7B039578427B6EB31E6810209589ECD
         

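The ComboFix log above contains the pieces that matter for the redirects described in the first post: a user start page on delta-search.com carrying affiliate parameters, a Firefox extension freehdsport@freehdsport.tv installed on 2012-11-27 (the same day the Babylon, File Scout and Gophoto.it directories appeared), a block of extensions.delta.* values written to user.js, and a service (DCService.exe) whose binary lives under c:\programdata. The following Python script is an added example, not code from the thread or from ComboFix; it parses an excerpt copied verbatim from the posted log (user name masked as in the post) and returns these indicators as data. AFFILIATE_PARAMS and PROGRAM_DIRS are assumptions chosen for this example, not ComboFix conventions.

```python
"""Added example (not part of the thread or of ComboFix): pulls from a
ComboFix log the items a helper reads first when a browser keeps
redirecting: start pages, Firefox extensions, toolbar preferences planted
in user.js, and services whose binary lives outside the usual program
directories. SAMPLE_LOG is copied verbatim from the log posted above
(user name masked as in the post); AFFILIATE_PARAMS and PROGRAM_DIRS are
assumptions chosen for this example."""
import re
from urllib.parse import parse_qs, urlsplit

# "R2 Name;Display name;c:\path\to\binary [x]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)\s*(\[x\])?$")
# "uStart Page = hxxp://..."  (u = current user hive, m = machine hive)
STARTPAGE_RE = re.compile(r"^([um])Start Page = (\S+)$")
# "FF - ExtSQL: [!HIDDEN! ]YYYY-MM-DD HH:MM; extension-id; path"
EXT_RE = re.compile(r"^FF - ExtSQL: (!HIDDEN! )?(\d{4}-\d\d-\d\d \d\d:\d\d); ([^;]+); (.+)$")
# "FF - user.js: extensions.<vendor>.<key> - <value>"
USERJS_RE = re.compile(r"^FF - user\.js: extensions\.([A-Za-z0-9_]+)\.(\S+) - ?(.*)$")
# query parameters seen on affiliate-tracked search hijacker home pages (assumption)
AFFILIATE_PARAMS = {"affid", "babsrc", "mntrid"}
# where a legitimately installed service binary is expected (assumption)
PROGRAM_DIRS = ("c:\\windows\\", "c:\\program files\\")

SAMPLE_LOG = r"""
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [x]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [x]
S2 acedrv01;acedrv01;c:\windows\system32\drivers\acedrv01.sys [x]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [x]
uStart Page = hxxp://www.delta-search.com/?affID=117116&tt=261112_yh_4812_3&babsrc=HP_ss&mntrId=7c0d487600000000000000242c2e0a08
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - ExtSQL: 2012-11-27 19:58; freehdsport@freehdsport.tv; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xn5poxzs.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: !HIDDEN! 2009-10-01 17:54; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 7c0d487600000000000000242c2e0a08
FF - user.js: extensions.delta.vrsn - 1.8.4.1
FF - user.js: extensions.delta_i.vrsnTs - 1.8.4.120:04
FF - user.js: extensions.delta.aflt - babsst
"""


def triage_combofix(text):
    """Return the redirect-relevant indicators found in a ComboFix log."""
    start_pages, extensions, userjs, services = [], [], {}, []
    for line in text.splitlines():
        m = STARTPAGE_RE.match(line)
        if m:
            url = m.group(2)                      # stays defanged (hxxp) in the output
            parts = urlsplit(url.replace("hxxp", "http", 1))
            params = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
            start_pages.append({
                "scope": "user" if m.group(1) == "u" else "machine",
                "url": url, "host": parts.hostname,
                "affiliate_params": sorted(params & AFFILIATE_PARAMS)})
            continue
        m = EXT_RE.match(line)
        if m:
            extensions.append({"hidden": m.group(1) is not None, "installed": m.group(2),
                               "id": m.group(3), "path": m.group(4)})
            continue
        m = USERJS_RE.match(line)
        if m:
            userjs.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m.group(4)
            services.append({"start": m.group(1), "name": m.group(2), "path": path,
                             "outside_program_dirs": not path.lower().startswith(PROGRAM_DIRS)})
    return {
        "start_pages": start_pages,
        "hijacked_start_pages": [p for p in start_pages if p["affiliate_params"]],
        "extensions": extensions,
        "userjs": userjs,
        "userjs_vendors": sorted(userjs),
        "services_outside_program_dirs": [s["name"] for s in services if s["outside_program_dirs"]],
    }


if __name__ == "__main__":
    result = triage_combofix(SAMPLE_LOG)
    for key in ("hijacked_start_pages", "userjs_vendors", "services_outside_program_dirs"):
        print(key, result[key])
    for ext in result["extensions"]:
        print("extension", ext["installed"], ext["id"], "(hidden)" if ext["hidden"] else "")
```

Firefox reads user.js on every start and copies its values over prefs.js, so a home page or search setting that a toolbar has written there comes back after each restart no matter what is changed in the settings dialog; the user.js entries, the extension and the start page have to be dealt with together.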
14.12.2012, 21:51   #10
markusg
/// Malware-holic

Hi
Can you have a look in AVG to see whether you find any detection reports, and post them

14.12.2012, 23:33   #11
kartoffelken

I have now run AVG once and it found nothing.
But I just saw that what was probably meant was the AVG zero.Access Remover, so I'll do that again right away.

Last edited by kartoffelken (14.12.2012 at 23:39)

15.12.2012, 16:05   #12
markusg
/// Malware-holic

Hi
I wanted you to check whether AVG has made any detections in the past, and if so, where and what?

16.12.2012, 13:58   #13
kartoffelken

Hey,
Could you explain to me how I do that?
Kind regards!

16.12.2012, 17:06   #14
markusg
/// Malware-holic

Unfortunately I can't tell you exactly, but there is surely an item such as Reports, or Events, etc.
Or look in the quarantine to see whether there were any detection reports.

18.12.2012, 20:56   #15
kartoffelken

I found nothing in the quarantine or in the scan logs.
Is the PC clean again now? I still have those strange underlined words that redirect me.
