Pests of all kinds and how to fight them: GVU Trojan (Paysafe)
Windows 7: If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
10.01.2013, 19:12 | #1
GVU Trojan (Paysafe)
Hello everyone, my son has also caught a GVU trojan. As a layman I am unfortunately helpless. As a precaution I am running an OTL scan, which will hopefully help you. Log files follow. Many thanks!
Extras.txt (note: computer name was replaced with "***")
Code:
OTL Extras logfile created on: 10.01.2013 18:52:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mhvn\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 3,34 Gb Available Physical Memory | 86,51% Memory free 7,71 Gb Paging File | 7,22 Gb Available in Paging File | 93,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,14 Gb Total Space | 368,03 Gb Free Space | 80,86% Space Free | Partition Type: NTFS Drive F: | 25,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: *** | User Name: mhvn | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09004233-493A-4391-97B7-A5BFFF6E5283}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0DC75824-3410-422E-A760-803797C33EA8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0E7F8796-4E6B-4E37-BCE0-5A28E72E8054}" = rport=139 | protocol=6 | dir=out | app=system | "{1642CD04-4273-4E91-AFE5-BF7B9C6D8EC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1D5B1A97-7D34-498F-A303-39926F9EC566}" = lport=2869 | protocol=6 | dir=in | app=system | "{34163EB3-6137-4E95-BA14-1D664F1A516E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe 
| "{395236C8-4694-4F19-A494-8F54DF075B6D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{44828939-5D1A-445B-A5C6-C0AEFC8EF663}" = lport=2869 | protocol=6 | dir=in | app=system | "{4ECC9ED0-3CCA-44D6-B087-458774D6EF55}" = rport=137 | protocol=17 | dir=out | app=system | "{65439844-A82D-42B6-B71D-1D01728A5B13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{68EDBEC1-3871-4D9B-8BD4-BE7CF521B746}" = rport=445 | protocol=6 | dir=out | app=system | "{6C74A607-2B2C-4F0A-B469-D1384BFFCD92}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7B0F2EC1-F06E-4A0B-BFA0-B0C4D013E02C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{7F62626A-CED3-4E33-BDC8-1EF401F9C0C9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9178E245-2DFC-4EE4-8700-F26BEE7947AA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{96CC450D-375F-4FCB-860D-6635C8BC1FE7}" = lport=139 | protocol=6 | dir=in | app=system | "{AC173001-99E7-4C08-8B1A-E9440D7A7F3C}" = lport=138 | protocol=17 | dir=in | app=system | "{C0493D8A-1EFD-49DF-9278-BA96E0BE5CCA}" = lport=10243 | protocol=6 | dir=in | app=system | "{C430DA4C-0FEE-4E8E-94DF-E3AE2994BFB2}" = lport=445 | protocol=6 | dir=in | app=system | "{D0A2711B-CCE2-4AF6-A92B-CC33B2845B60}" = lport=137 | protocol=17 | dir=in | app=system | "{D1611589-C7DF-4A6F-A86A-1952F2FC944F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D8883483-3B1F-494D-98B7-CD6B3BBFA3EF}" = rport=10243 | protocol=6 | dir=out | app=system | "{DD9CD87C-D453-491B-A5A8-6F3D9750F85E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EBF0C405-2D63-4D48-AC29-625DDDD13BBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{EFD93783-ED33-4C97-8124-151C739135EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F0FC202A-E0D6-4403-BABE-57F4F51DE8F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FB7D33D2-09E5-4E13-9691-25BCE252121C}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01C8542B-4323-4D1E-9358-C86E18D21AAB}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{05012BC2-6B21-477C-BB81-94A8978B43D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0ADD05D5-7067-47FB-98EE-79326791CDD8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{0C09BE28-5523-4FDC-9843-A346C37E3252}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{19EBD1A5-AC35-4069-9DC7-9535F5275540}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1CB9AEAA-770D-4B42-A54B-C55F34AB7258}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{227ABC54-C6A9-4E03-A49E-641BE61E926D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2A8B0230-9393-4C16-9727-07C8AD9C4C70}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{2FA0060E-AB71-43E3-BA0E-2889EC7F4C38}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3577882B-4B8E-4DFE-9346-E91C6873C5B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{37012B81-9826-424B-8AC1-3D91FD3CA795}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{385DACF6-3D18-4F69-B680-67DAC6E038BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{3F0B848C-48E7-4B9C-BD20-73F909071B3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{43C7D522-225B-414B-96F0-CB8FBC6E079F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{509517E3-7CA8-43E4-9E4E-D0F092490525}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5B75F2BB-75E3-4EE0-A7B4-55C91634E6EB}" = protocol=6 | dir=out | app=system | "{66BE2433-71E1-45AE-B51D-B11F34AAC8C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{729487D3-B8A0-4752-8F0F-A0E47FF2F4B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{74B25970-CFF8-4137-89E9-AB88E19AD83B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{77A5272B-EC41-4635-A6A6-5C449F7ECA49}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{8939FBEC-160B-4971-ACFF-D12B33560586}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{92BCB5C6-9C23-4419-AC44-E2CBDED930D3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{96972D2D-1870-4C9B-9C86-AE5E719539F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9C1C9756-4F85-4587-A15B-ED2633EFE4F5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A0027494-7D23-4921-91AF-D51F17DD26CD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A68ACA36-F44F-48F0-B341-0C912ECA7C35}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{AB2BEA9C-FC80-4CC5-8EF7-C11A927BB842}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AD1CA643-6A0B-4004-A04B-324F6AF68678}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{AE2A8701-8B4B-4402-8EB8-BF0DE93A6D13}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{B3B6E64C-B368-43E2-B8EA-F476FD34D2A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{BD6C0C4E-6E86-41E3-BCC9-439E0B9C53EF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{BEC02E12-C58E-449E-A916-4036EDB0DD9D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C33FC803-55D1-4278-AC22-3E0DAD72877E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C5CC4D10-3A3D-43DA-A308-7E77B86F9866}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C94C6DA0-9682-480E-A644-923CB13F8C64}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{C9AE18F7-162C-486C-BA75-79E96EACF17A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CC0012AF-DC92-44C6-99D3-FAF7D36F8C3A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CE002317-34BA-4B60-8E53-213DDA15EBDB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{DF50FF3A-ADA7-47B3-B082-77C63E8504C9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F121F9B0-06B6-40E4-89F2-4A6056118189}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F2E17232-A9F5-4012-A2A4-82CFC0ACF335}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F97C6696-32F1-4F7E-BA73-2EAFEC9B34CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FE716FA7-B9CB-4E78-B3BD-13ECEE32E2DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{59FBCB12-6B52-4DD7-98FB-587AF58C04B1}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | "TCP Query User{89D0F67C-B787-4389-B9BB-20AB9D299665}C:\windows\syswow64\ipcamera.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\ipcamera.exe | "TCP Query 
User{E9F1491B-9359-461B-9138-B0685CF21657}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{F14F44AF-5FF4-4818-A1B8-8844D549D086}C:\windows\syswow64\ipcamera.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\ipcamera.exe | "TCP Query User{F57D67BC-C65E-452B-BA85-A71F333A691E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{FD75E862-D9C0-44A5-86D5-D57E3690B701}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | "UDP Query User{07FD7CBE-3ADE-4BD6-9A3C-0F06582E2CEE}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{14D70BCC-7145-4D52-A91D-E529E37D8AF7}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | "UDP Query User{387A098E-29AF-4CE6-90F3-0CC7B874DFB9}C:\windows\syswow64\ipcamera.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\ipcamera.exe | "UDP Query User{4F3B04A0-788D-46E7-9A8E-1C8C42ADFBEF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{5485F2AC-A3BC-41EF-A253-3E95E54248FA}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | "UDP Query User{EE490587-4831-4CF2-8FCB-E347B95DF82F}C:\windows\syswow64\ipcamera.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\ipcamera.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017739C5-708B-4F4F-BAD3-FA2FF5431E15}" = VAIO Content Metadata Manager Settings 
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64 "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5 "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64 "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit) "{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8CBBBC4D-B0B6-49DB-A421-98C65080D8EE}" = Eraser 6.0.7.1893 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64 "{A77A198F-B60B-481C-A645-64EE80849A12}" = VAIO Content Metadata Intelligent Network Service Manager 
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{D506EFC9-08DF-47E4-A7BF-98305BE25250}" = VAIO Content Metadata XML Interface Library "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) "CCleaner" = CCleaner "CutePDF Writer Installation" = CutePDF Writer 2.8 "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) "HitmanPro37" = HitmanPro 3.7 "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Redirection Port Monitor" = RedMon - Redirection Port Monitor 
"Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care "{010237D8-8494-4E56-90CE-3194D3F521E6}" = VAIO Content Metadata Intelligent Network Service Manager "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer) "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = 
Windows Live SOXE Definitions "{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager "{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery "{21E548DE-0C2B-4843-8A7B-E69B4CF8BA33}" = VAIO Content Metadata Manager Settings "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung "{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{27F9068F-27D3-42FF-BE10-94CC94F46F33}" = VAIO Content Metadata Manager Settings "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2F66901C-D9F2-4C83-9808-2DA0166265B6}" = VAIO Content Metadata Intelligent Network Service Manager "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool "{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French "{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese "{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ 
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5D062554-2823-4205-ABBC-390AE5B72C45}" = VAIO Content Metadata Manager Settings "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension "{68249B7B-B714-11D7-88E8-0050DA21757E}" = Java 2 Runtime Environment Standard Edition 1.3.1_20 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian 
"{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79C3D1B6-32CB-43DF-BA80-CE48E7A2D6C7}" = VAIO Content Metadata Intelligent Network Service Manager "{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{7D1DDBF1-2948-4603-B06A-0E36487CC857}" = VAIO Content Metadata XML Interface Library "{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing "{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German 
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003 "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{935B5086-C002-0FBC-0723-5741D2478EE7}" = Catalyst Control Center InstallProxy "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform "{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics "{9E0E1E3B-229C-4CF9-8A39-4455477327E4}" = C4600 "{A158A7A4-495E-225F-E6A2-C8EC20B65DB7}" = svBuilder "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics 
Full New "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story) "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista "{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean "{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding 
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3 "{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E24B9887-D3A0-434B-8D60-F1F06CACC127}" = DATA BECKER CD-Druckerei 6 "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14 "{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant 
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E617721F-B66C-4D5A-AA2A-B2D60820CDC3}" = B209a-m "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish "{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings "{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static "{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian "{F400E7EB-BF07-4D9C-8AAE-81DF98CAF3F2}" = VAIO Content Metadata XML Interface Library "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All "{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote "{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy "{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "{FBED4E82-750B-4D00-9719-90358BF3942B}" = VAIO Content Metadata XML Interface Library "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "7-Zip" = 7-Zip 9.14 beta "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = 
Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3 "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "Avira AntiVir Desktop" = Avira Free Antivirus "ElsterFormular für Unternehmer 12.2.1.6570u" = ElsterFormular-Upgrade "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer) "InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide "InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story) "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "IP Camera" = IP Camera "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MarketingTools" = VAIO Marketing Tools "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "splashtop" = VAIO Quick Web Access "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "svBuilder" = svBuilder "Universal Document Converter_is1" = Universal Document Converter (Demo) "VAIO Help and Support" = "VAIO Premium Partners" = VAIO Premium Partners "VAIO screensaver" = VAIO screensaver "VLC media player" = VLC media player 1.0.5 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "Facebook Plug-In" = Facebook Plug-In ========== Last 20 Event Log Errors ========== 
[ Application Events ] Error - 09.01.2013 18:16:37 | Computer Name = *** | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 11810 Error - 09.01.2013 18:16:37 | Computer Name = *** | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 11810 Error - 09.01.2013 18:16:38 | Computer Name = *** | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 09.01.2013 18:16:38 | Computer Name = *** | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 12808 Error - 09.01.2013 18:16:38 | Computer Name = *** | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 12808 Error - 09.01.2013 18:16:39 | Computer Name = *** | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 09.01.2013 18:16:39 | Computer Name = *** | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13822 Error - 09.01.2013 18:16:39 | Computer Name = *** | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13822 Error - 09.01.2013 18:26:17 | Computer Name = *** | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "H:\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 10.01.2013 12:17:09 | Computer Name = *** | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA}) (Fehlercode = 0x80042000) Error - 10.01.2013 12:17:09 | Computer Name = *** | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) [ System Events ] Error - 10.01.2013 13:44:47 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 13:44:50 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 10.01.2013 13:44:50 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 13:44:51 | 
Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 13:46:23 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Code:
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
10.01.2013, 21:04 | #2 |
/// Malware-holic | GVU Trojan (Paysafe)
Hi
otl.txt is missing, please post it.
10.01.2013, 21:20 | #3 |
| GVU Trojan (Paysafe)
Sorry, here it is:
OTL.txt
Code:
ATTFilter OTL logfile created on: 10.01.2013 18:52:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mhvn\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 3,34 Gb Available Physical Memory | 86,51% Memory free 7,71 Gb Paging File | 7,22 Gb Available in Paging File | 93,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,14 Gb Total Space | 368,03 Gb Free Space | 80,86% Space Free | Partition Type: NTFS Drive F: | 25,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: *** | User Name: mhvn | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.10 18:34:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mhvn\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2010.10.08 07:55:08 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.01.09 22:26:02 | 000,108,904 | ---- | M] (SurfRight B.V.) 
[Auto | Stopped] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler) SRV - [2013.01.08 21:57:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.13 21:29:04 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.13 21:27:57 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.12.13 21:27:43 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.07 15:21:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2010.05.28 10:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010.05.27 00:06:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 18:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2010.02.19 18:19:26 | 000,386,416 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2009.12.14 21:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.12.14 21:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.11.30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | 
Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2009.11.21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009.10.15 16:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2009.10.15 16:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr) SRV - [2009.10.15 16:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2009.10.15 16:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2009.10.15 16:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr) SRV - [2009.09.16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2009.09.14 19:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO 
Entertainment TV Device Arbitration Service) SRV - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2009.09.04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.08.31 01:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.08.31 01:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.12.13 21:29:40 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.13 21:29:39 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.18 12:30:36 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW64.sys -- (TVICHW64) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.10.08 07:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.10.08 07:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.08 07:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.06.24 21:53:34 | 000,376,400 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2010.06.24 21:35:37 | 000,136,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv05.sys -- (acedrv05) DRV:64bit: - [2009.12.16 21:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.12.16 21:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.12.16 05:04:17 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.12.16 03:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.12.14 21:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.11.18 05:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.11.18 05:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.11.18 05:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.11.18 05:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009.11.18 05:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.11.13 21:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.11.12 21:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.11.12 21:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.11.06 21:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2009.09.15 21:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe) DRV:64bit: - [2009.08.19 21:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2009.05.20 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.08 09:55:22 | 000,115,328 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {3C8AE260-DD89-48A8-874B-5635DAD86DF2} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3C8AE260-DD89-48A8-874B-5635DAD86DF2}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE381 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{6BED64B0-3555-43C1-B820-45E1926A8CCF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=8da3f1a1-07c1-495b-91dc-cc54b95ef181&apn_sauid=3EF5C33D-81F1-4A74-9F47-5A1EEB536A57 IE - HKCU\..\SearchScopes\{773DCE84-A6ED-45BA-BE98-6FED0A37B3A3}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363 IE - HKCU\..\SearchScopes\{98A657E6-852A-4F97-9C45-D83BF4F96C73}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search IE - HKCU\..\SearchScopes\{DBC1860E-602D-41EC-B357-CD173C9CA8A3}: "URL" = 
hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.11.100015 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=8da3f1a1-07c1-495b-91dc-cc54b95ef181&apn_ptnrs=^AGS&apn_sauid=3EF5C33D-81F1-4A74-9F47-5A1EEB536A57&apn_dtid=^YYYYYY^YY^DE&&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\mhvn\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.20 23:07:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.23 19:24:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 15:21:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 15:21:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.20 23:07:29 | 000,000,000 | ---D | M] [2011.02.27 15:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mhvn\AppData\Roaming\mozilla\Extensions [2010.07.22 06:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mhvn\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.11.25 09:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mhvn\AppData\Roaming\mozilla\Firefox\Profiles\6469u65k.default\extensions [2012.07.25 18:08:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\mhvn\AppData\Roaming\mozilla\Firefox\Profiles\6469u65k.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.02.07 10:15:43 | 000,000,000 | ---D | M] (Andasa iCat) -- C:\Users\mhvn\AppData\Roaming\mozilla\Firefox\Profiles\6469u65k.default\extensions\plugin@andasa.de [2012.11.25 10:09:20 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- 
C:\Users\mhvn\AppData\Roaming\mozilla\Firefox\Profiles\6469u65k.default\extensions\toolbar@ask.com [2012.08.07 00:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js [2013.01.09 07:38:04 | 000,002,413 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\askcom.xml [2013.01.05 17:29:53 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-1.xml [2011.11.08 18:59:29 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-10.xml [2011.11.16 07:38:33 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-11.xml [2012.01.03 09:57:27 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-12.xml [2012.02.16 16:12:09 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-13.xml [2011.05.08 16:27:59 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-2.xml [2011.06.24 16:07:31 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-3.xml [2011.07.28 18:18:19 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-4.xml [2011.08.19 07:01:48 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-5.xml [2011.09.04 11:00:50 | 000,000,950 | ---- | M] () -- 
C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-6.xml [2011.09.12 06:28:53 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-7.xml [2011.10.02 21:26:26 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-8.xml [2011.10.03 13:09:56 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-9.xml [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin.xml [2012.12.07 15:21:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.07 15:21:36 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.19 18:57:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 06:35:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.19 18:57:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.19 18:57:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.19 18:57:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.19 18:57:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - homepage: hxxp://www.google.com CHR - Extension: YouTube = C:\Users\mhvn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = 
C:\Users\mhvn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\mhvn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011.06.24 16:20:24 | 000,435,366 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 14980 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. 
File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.2.110/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1_20-windows-i586.cab (Java Plug-in 1.3.1_20) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{448CA6B0-545A-480B-A503-DE84808875E3}: DhcpNameServer = 10.1.1.11 10.1.1.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - 
Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{045c7f58-8095-11e0-b9ce-5442490ba49f}\Shell - "" = AutoRun O33 - MountPoints2\{045c7f58-8095-11e0-b9ce-5442490ba49f}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{045c7f6e-8095-11e0-b9ce-5442490ba49f}\Shell - "" = AutoRun O33 - MountPoints2\{045c7f6e-8095-11e0-b9ce-5442490ba49f}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{d078d709-aa2b-11df-bc74-5442490ba49f}\Shell - "" = AutoRun O33 - MountPoints2\{d078d709-aa2b-11df-bc74-5442490ba49f}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{d078d70f-aa2b-11df-bc74-5442490ba49f}\Shell - "" = AutoRun O33 - MountPoints2\{d078d70f-aa2b-11df-bc74-5442490ba49f}\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet 
Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX:64bit: >{DB562198-3A06-4B5D-86EF-D9ED5AD005BC} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll 
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - 
StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: swg - hkey= - key= - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013.01.10 18:47:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mhvn\Desktop\OTL.exe
[2013.01.09 23:31:41 | 000,000,000 | ---D | C] -- C:\Users\mhvn\AppData\Roaming\Malwarebytes
[2013.01.09 23:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.09 23:31:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.09 23:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.09 23:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.09 23:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.01.09 22:52:04 | 000,664,504 | ---- | C] (Softwareentwicklung Patric Remus -ArchiCrypt) -- C:\Users\mhvn\Desktop\AntiBundestrojaner.exe
[2013.01.09 22:46:39 | 009,650,656 | ---- | C] (SurfRight B.V.) -- C:\hitmanpro_x64.exe
[2013.01.09 22:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.01.09 22:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.01.09 22:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.01.09 22:24:28 | 000,000,000 | ---D | C] -- C:\Stick
[2013.01.09 08:02:05 | 000,256,000 | ---- | C] (Корпорация Майкрософт) -- C:\Users\mhvn\wgsdgsdgdsgsd.dll
[2013.01.08 21:10:38 | 000,000,000 | ---D | C] -- C:\Users\mhvn\Desktop\2013-01 (Jan)
[2013.01.04 22:06:57 | 000,000,000 | ---D | C] -- C:\Users\mhvn\AppData\Local\{56911F9F-71FB-404B-BF36-B7B5AB23B3FF}
[2013.01.04 21:57:22 | 000,000,000 | ---D | C] -- C:\Users\mhvn\AppData\Roaming\TuneUp Software
[2013.01.04 21:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.04 21:55:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.04 21:55:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.02 15:13:05 | 000,000,000 | ---D | C] -- C:\Users\mhvn\Desktop\Rolex Datejust
[2013.01.02 15:12:42 | 000,000,000 | ---D | C] -- C:\Users\mhvn\Desktop\Rolex GMT-Master II
[2012.12.24 13:15:41 | 000,000,000 | ---D | C] -- C:\Users\mhvn\Desktop\2012-12 (Dez)
[2012.12.19 18:55:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[1 C:\Users\mhvn\Desktop\*.tmp files -> C:\Users\mhvn\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.10 18:44:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.10 18:44:02 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 18:34:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mhvn\Desktop\OTL.exe
[2013.01.10 17:26:23 | 001,521,240 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.10 17:26:23 | 000,662,526 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.10 17:26:23 | 000,623,116 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.10 17:26:23 | 000,133,614 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.10 17:26:23 | 000,109,238 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.10 17:17:21 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.09 23:17:07 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 23:17:07 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 23:13:27 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2013.01.09 22:26:02 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013.01.09 22:21:38 | 009,650,656 | ---- | M] (SurfRight B.V.) -- C:\hitmanpro_x64.exe [2013.01.09 18:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.09 17:43:49 | 003,048,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 08:02:14 | 000,002,869 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2013.01.09 08:02:14 | 000,001,047 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013.01.09 08:02:14 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg [2013.01.09 08:02:14 | 000,000,065 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat [2013.01.09 08:02:05 | 000,256,000 | ---- | M] (Корпорация Майкрософт) -- C:\Users\mhvn\wgsdgsdgdsgsd.dll [2013.01.09 07:35:37 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.08 23:32:01 | 000,002,780 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml [2013.01.08 23:32:01 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job [2013.01.05 11:05:15 | 000,070,755 | ---- | M] () -- C:\Users\mhvn\Desktop\Stellungnahme.pdf [2013.01.04 17:46:50 | 000,001,621 | ---- | M] () -- 
C:\Users\mhvn\Desktop\LEO-LionsMitgliederverwaltung - Verknüpfung.lnk [2012.12.18 22:59:00 | 000,213,004 | ---- | M] () -- C:\Users\mhvn\Desktop\20121214_Programme_Draft_Students.pdf [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.14 07:25:31 | 001,541,588 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.13 21:29:40 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.13 21:29:39 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.13 21:04:09 | 000,418,438 | ---- | M] () -- C:\test.xml [1 C:\Users\mhvn\Desktop\*.tmp files -> C:\Users\mhvn\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.09 22:26:02 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013.01.09 08:02:14 | 000,002,869 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2013.01.09 08:02:14 | 000,001,047 | ---- | C] () -- C:\Users\mhvn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013.01.09 08:02:14 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg [2013.01.09 08:02:14 | 000,000,065 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat [2013.01.09 08:02:10 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2013.01.05 10:57:40 | 000,070,755 | ---- | C] () -- C:\Users\mhvn\Desktop\Stellungnahme.pdf [2013.01.04 17:46:50 | 000,001,621 | ---- | C] () -- C:\Users\mhvn\Desktop\LEO-LionsMitgliederverwaltung - Verknüpfung.lnk [2012.12.18 22:59:00 | 000,213,004 | ---- | C] () -- C:\Users\mhvn\Desktop\20121214_Programme_Draft_Students.pdf [2012.08.01 06:59:02 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2011.08.28 17:02:41 | 000,181,829 | ---- | C] () -- C:\Windows\hpoins36.dat [2011.08.28 17:02:41 | 000,000,578 | ---- | C] () -- C:\Windows\hpomdl36.dat [2011.08.11 07:12:53 | 
000,000,036 | ---- | C] () -- C:\Users\mhvn\uidsave.dat [2011.06.23 09:38:45 | 000,010,231 | ---- | C] () -- C:\Users\mhvn\mhvn_elster_2048.pfx [2011.02.27 15:40:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.05.30 22:47:11 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\ASCOMP Software [2010.10.31 13:03:12 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\Auslogics [2010.09.30 18:51:48 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\Avery [2011.12.03 13:05:43 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\elsterformular [2010.06.15 22:59:04 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\Facebook [2010.06.20 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\JonDo [2010.09.23 19:25:09 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\Nokia [2010.09.23 19:25:09 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\PC Suite [2010.12.15 21:32:52 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\SolidDocuments [2012.10.16 15:45:00 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\svBuilder [2013.01.04 21:57:22 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\TuneUp Software [2012.06.08 20:10:09 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\UDC Profiles ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2010.05.26 18:50:03 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.10.03 13:30:41 | 000,000,000 | ---D | M] -- C:\Daten [2010.02.23 09:36:33 | 000,000,000 | ---D | M] -- C:\Documentation [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.05.26 18:47:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.12.17 08:08:56 | 000,000,000 | ---D | M] -- C:\e8972a98d510f4e238 [2011.11.28 20:36:21 | 000,000,000 | ---D | M] -- C:\KG-GD [2010.02.23 09:08:30 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.12.23 20:15:19 | 000,000,000 | ---D | M] -- C:\Multimedia Files [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.01.09 22:26:01 | 000,000,000 | R--D | M] -- C:\Program Files [2013.01.09 23:31:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.01.09 23:31:36 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.05.26 18:47:26 | 000,000,000 | -HSD | M] -- C:\Programme [2010.10.02 16:13:15 | 000,000,000 | ---D | M] -- C:\Sicherung [2012.05.24 19:40:49 | 000,000,000 | -H-D | M] -- C:\SPLASH.000 [2010.12.18 12:11:03 | 000,000,000 | -H-D | M] -- C:\SPLASH.SYS [2013.01.09 22:25:29 | 000,000,000 | ---D | M] -- C:\Stick [2013.01.09 08:04:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.02.23 09:26:32 | 000,000,000 | ---D | M] -- C:\Temp [2012.12.29 12:34:24 | 000,000,000 | ---D | M] -- C:\Update [2010.05.27 00:01:58 | 000,000,000 | R--D | M] -- C:\Users [2013.01.10 17:33:18 | 000,000,000 | ---D | M] -- C:\Windows [2010.02.23 09:36:33 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO [2012.08.01 21:17:05 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.02.23 09:03:03 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.02.23 09:03:05 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2010.07.07 21:32:20 | 000,000,310 | ---- | C] () -- C:\Windows\Tasks\DMEPeriodicTask.job [2012.07.01 14:13:47 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | 
M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe 
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 
002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] 
(Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- 
C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < 
MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- 
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 
| 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 
000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.06.23 09:38:55 | 000,010,231 | ---- | M] () -- C:\Users\mhvn\mhvn_elster_2048.pfx [2013.01.10 18:54:53 | 008,126,464 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat [2013.01.10 18:54:53 | 000,262,144 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat.LOG1 [2010.05.26 18:47:36 | 000,000,000 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat.LOG2 [2010.05.26 18:53:26 | 000,065,536 | -HS- | M] () -- C:\Users\mhvn\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.05.26 18:53:26 | 000,524,288 | -HS- | M] () -- 
C:\Users\mhvn\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.05.26 18:53:26 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.05.30 18:19:36 | 000,065,536 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{285c6562-6c0b-11df-bfb4-5442490ba49f}.TM.blf [2010.05.30 18:19:36 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{285c6562-6c0b-11df-bfb4-5442490ba49f}.TMContainer00000000000000000001.regtrans-ms [2010.05.30 18:19:36 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{285c6562-6c0b-11df-bfb4-5442490ba49f}.TMContainer00000000000000000002.regtrans-ms [2010.05.30 18:17:31 | 000,065,536 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{3de03a1b-6c07-11df-98a3-506313a455a5}.TM.blf [2010.05.30 18:17:31 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{3de03a1b-6c07-11df-98a3-506313a455a5}.TMContainer00000000000000000001.regtrans-ms [2010.05.30 18:17:31 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{3de03a1b-6c07-11df-98a3-506313a455a5}.TMContainer00000000000000000002.regtrans-ms [2010.07.30 00:34:09 | 000,065,536 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{626bf2f5-9b65-11df-a13f-b430c24ac344}.TM.blf [2010.07.30 00:34:09 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{626bf2f5-9b65-11df-a13f-b430c24ac344}.TMContainer00000000000000000001.regtrans-ms [2010.07.30 00:34:09 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{626bf2f5-9b65-11df-a13f-b430c24ac344}.TMContainer00000000000000000002.regtrans-ms [2010.05.26 18:47:36 | 000,000,020 | -HS- | M] () -- C:\Users\mhvn\ntuser.ini [2011.07.16 05:24:22 | 000,000,036 | ---- | M] () -- C:\Users\mhvn\uidsave.dat [2013.01.09 08:02:05 | 000,256,000 | ---- | M] (Корпорация Майкрософт) -- C:\Users\mhvn\wgsdgsdgdsgsd.dll < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report >
Edited by centurio_bla (10.01.2013 at 21:32) |
10.01.2013, 21:27 | #4 |
| GVU Trojan (Paysafe) I just somehow managed to get into my Avira. It says here that it found TR/Winlock.JC: Code:
10.01.2013,20:52:43 [INFO] ---------------------------------------------------------
10.01.2013,20:52:43 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
10.01.2013,20:53:37 [INFO] Echtzeit-Scanner Version: 13.06.00.400, Engine Version 8.2.10.226, VDF Version: 7.11.56.126
10.01.2013,20:53:37 [INFO] Online-Dienste stehen zur Verfügung.
10.01.2013,20:53:37 [INFO] Echtzeit-Scanner wurde aktiviert
10.01.2013,20:53:37 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
 - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
 - Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
 - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
 - Aktion: Benutzer fragen
 - Archive durchsuchen: Deaktiviert
 - Makrovirenheuristik: Aktiviert
 - Win32 Dateiheuristik: Erkennungsstufe mittel
 - Protokollierungsstufe: Standard
10.01.2013,21:10:45 [INFO] Update-Auftrag gestartet!
10.01.2013,21:11:04 [INFO] Aktuelle Engine Version: 8.2.10.228
10.01.2013,21:11:04 [INFO] Aktuelle Version der VDF-Datei: 7.11.56.184
10.01.2013,21:34:38 [FUND] Ist das Trojanische Pferd TR/Winlock.JC!
 C:\Users\mhvn\wgsdgsdgdsgsd.dll
 [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
 [INFO] Der Zugriff auf die Datei wurde verweigert!
10.01.2013,21:51:04 [FUND] Ist das Trojanische Pferd TR/Winlock.JC!
 C:\Users\mhvn\wgsdgsdgdsgsd.dll
 [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
 [INFO] Der Zugriff auf die Datei wurde verweigert!
10.01.2013,21:51:05 [FUND] Ist das Trojanische Pferd TR/Winlock.JC!
 C:\Users\mhvn\wgsdgsdgdsgsd.dll
 [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
 [INFO] Der Zugriff auf die Datei wurde verweigert! |
11.01.2013, 01:26 | #5 |
/// Malware-holic | GVU Trojan (Paysafe) Hi, this script and any scripts that may follow are intended only for this particular user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
:OTL
[2013.01.09 08:02:14 | 000,002,869 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 08:02:14 | 000,001,047 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.09 08:02:14 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.09 08:02:14 | 000,000,065 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.09 08:02:05 | 000,256,000 | ---- | M] (Корпорация Майкрософт) -- C:\Users\mhvn\wgsdgsdgdsgsd.dll
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, right-click, View, Show desktop icons. Please also supply the Hitman log.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails according to the instructions above to markusg.trojaner-board@web.de If you would like to support us |
11.01.2013, 08:26 | #6 |
| GVU Trojan (Paysafe) Hello Markus, many thanks. That already looks very good. Windows starts normally again. The Internet also seems to work. Here is the log from OTL. HTML code:
All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
File C:\Users\mhvn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk not found.
C:\ProgramData\dsgsdgdsgdsgw.reg moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.bat moved successfully.
C:\Users\mhvn\wgsdgsdgdsgsd.dll moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
User: All Users
User: AppData
User: Default
->Flash cache emptied: 56504 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: mhvn
->Flash cache emptied: 57046 bytes
User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: Administrator
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: mhvn
->Temp folder emptied: 176324 bytes
->Temporary Internet Files folder emptied: 9206993 bytes
->Java cache emptied: 266664 bytes
->FireFox cache emptied: 74959282 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36785 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 173097 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01112013_074741

Files\Folders moved on Reboot...
C:\Users\mhvn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

I then ran Hitman; here is the log for that as well. Code:
HitmanPro 3.7.0.185
www.hitmanpro.com

Computer name . . . . : ***
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : ***\mhvn
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-01-11 08:11:58
Scan mode . . . . . . : Normal
Scan duration . . . . : 6m 7s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 1
Traces . . . . . . . : 146
Objects scanned . . . : 1.900.349
Files scanned . . . . : 16.891
Remnants scanned . . : 396.531 files / 1.486.927 keys

Malware _____________________________________________________________________

C:\_OTL\MovedFiles\01112013_074741\C_Users\mhvn\wgsdgsdgdsgsd.dll
Size . . . . . . . : 256.000 bytes
Age . . . . . . . : 2.0 days (2013-01-09 08:02:05)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 8BF3641D72C70F410F3DA722B90FFEA47E7BDF2EA5F15753A903485B95417EEB
Product . . . . . : Операционная система Microsoft® Windows®
Publisher . . . . : Корпорация Майкрософт
Description . . . : Редактор дескрипторов безопасности
Version . . . . . : 5.1.2600.2180
Copyright . . . . : © Корпорация Майкрософт. Все права защищены.
> G Data . . . . . . : Trojan.Generic.KDV.824832 (Engine A)
> Ikarus . . . . . . : Trojan-Dropper.Win32.Injector!IK
Fuzzy . . . . . . : 103.0 |
11.01.2013, 16:27 | #7 |
/// Malware-holic | GVU Trojan (Paysafe) But I did not want a new log; it says above, after all, the ones created so far. Please read. So, please post older logs from Hitman, if there are any. Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, then post the log
11.01.2013, 22:36 | #8 |
| GVU Trojan (Paysafe) There is no old Hitman log (from before), which is why I had posted a log from afterwards. Here is the log from TDSSKiller: Code:
22:20:19.0047 5400 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:20:21.0075 5400 ============================================================
22:20:21.0075 5400 Current date / time: 2013/01/11 22:20:21.0075
22:20:21.0075 5400 SystemInfo:
22:20:21.0075 5400
22:20:21.0075 5400 OS Version: 6.1.7601 ServicePack: 1.0
22:20:21.0075 5400 Product type: Workstation
22:20:21.0075 5400 ComputerName: ***
22:20:21.0075 5400 UserName: mhvn
22:20:21.0075 5400 Windows directory: C:\Windows
22:20:21.0075 5400 System windows directory: C:\Windows
22:20:21.0075 5400 Running under WOW64
22:20:21.0075 5400 Processor architecture: Intel x64
22:20:21.0075 5400 Number of processors: 4
22:20:21.0075 5400 Page size: 0x1000
22:20:21.0075 5400 Boot type: Normal boot
22:20:21.0075 5400 ============================================================
22:20:22.0151 5400 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:20:22.0167 5400 ============================================================
22:20:22.0167 5400 \Device\Harddisk0\DR0:
22:20:22.0167 5400 MBR partitions:
22:20:22.0167 5400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x150A000, BlocksNum 0x32000
22:20:22.0167 5400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x153C000, BlocksNum 0x38E49830
22:20:22.0167 5400 ============================================================
22:20:22.0198 5400 C: <-> \Device\Harddisk0\DR0\Partition2
22:20:22.0198 5400 ============================================================
22:20:22.0198 5400 Initialize success
22:20:22.0198 5400 ============================================================
22:21:21.0431 5496 ============================================================
22:21:21.0431 5496 Scan started
22:21:21.0431 5496 Mode: Manual; SigCheck; TDLFS;
22:21:21.0431 5496 ============================================================
ok 22:21:31.0384 5496 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 22:21:31.0447 5496 BrSerWdm - ok 22:21:31.0509 5496 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 22:21:31.0571 5496 BrUsbMdm - ok 22:21:31.0603 5496 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 22:21:31.0665 5496 BrUsbSer - ok 22:21:31.0759 5496 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 22:21:31.0868 5496 BthEnum - ok 22:21:31.0915 5496 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 22:21:32.0008 5496 BTHMODEM - ok 22:21:32.0071 5496 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 22:21:32.0133 5496 BthPan - ok 22:21:32.0227 5496 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 22:21:32.0367 5496 BTHPORT - ok 22:21:32.0414 5496 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 22:21:32.0507 5496 bthserv - ok 22:21:32.0570 5496 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 22:21:32.0617 5496 BTHUSB - ok 22:21:32.0663 5496 [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys 22:21:32.0695 5496 btusbflt - ok 22:21:32.0741 5496 [ 4BDBDB86ABBA924E029FB2683BE7C505 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 22:21:32.0773 5496 btwaudio - ok 22:21:32.0804 5496 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 22:21:32.0835 5496 btwavdt - ok 22:21:32.0944 5496 [ 31DA517946FFE416442E864592548F8A ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 22:21:33.0007 5496 btwdins - ok 22:21:33.0038 5496 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 22:21:33.0053 5496 btwl2cap - ok 22:21:33.0085 5496 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid 
C:\Windows\system32\DRIVERS\btwrchid.sys 22:21:33.0116 5496 btwrchid - ok 22:21:33.0163 5496 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:21:33.0319 5496 cdfs - ok 22:21:33.0365 5496 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 22:21:33.0459 5496 cdrom - ok 22:21:33.0506 5496 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 22:21:33.0631 5496 CertPropSvc - ok 22:21:33.0709 5496 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 22:21:33.0755 5496 circlass - ok 22:21:33.0802 5496 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 22:21:33.0849 5496 CLFS - ok 22:21:33.0911 5496 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:21:33.0958 5496 clr_optimization_v2.0.50727_32 - ok 22:21:34.0021 5496 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:21:34.0052 5496 clr_optimization_v2.0.50727_64 - ok 22:21:34.0130 5496 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:21:34.0192 5496 clr_optimization_v4.0.30319_32 - ok 22:21:34.0270 5496 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:21:34.0286 5496 clr_optimization_v4.0.30319_64 - ok 22:21:34.0333 5496 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 22:21:34.0379 5496 CmBatt - ok 22:21:34.0426 5496 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:21:34.0457 5496 cmdide - ok 22:21:34.0504 5496 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 22:21:34.0598 5496 CNG - ok 22:21:34.0645 5496 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt 
C:\Windows\system32\drivers\compbatt.sys 22:21:34.0676 5496 Compbatt - ok 22:21:34.0707 5496 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 22:21:34.0754 5496 CompositeBus - ok 22:21:34.0769 5496 COMSysApp - ok 22:21:34.0785 5496 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 22:21:34.0832 5496 crcdisk - ok 22:21:34.0863 5496 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:21:34.0925 5496 CryptSvc - ok 22:21:34.0988 5496 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:21:35.0128 5496 DcomLaunch - ok 22:21:35.0159 5496 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 22:21:35.0331 5496 defragsvc - ok 22:21:35.0393 5496 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:21:35.0518 5496 DfsC - ok 22:21:35.0565 5496 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 22:21:35.0643 5496 Dhcp - ok 22:21:35.0659 5496 DIRECTIO - ok 22:21:35.0690 5496 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 22:21:35.0846 5496 discache - ok 22:21:35.0861 5496 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 22:21:35.0908 5496 Disk - ok 22:21:35.0939 5496 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:21:35.0986 5496 Dnscache - ok 22:21:36.0033 5496 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 22:21:36.0173 5496 dot3svc - ok 22:21:36.0236 5496 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 22:21:36.0329 5496 Dot4 - ok 22:21:36.0376 5496 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 22:21:36.0423 5496 Dot4Print - ok 22:21:36.0485 5496 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 22:21:36.0563 5496 dot4usb - 
ok 22:21:36.0610 5496 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 22:21:36.0735 5496 DPS - ok 22:21:36.0782 5496 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:21:36.0844 5496 drmkaud - ok 22:21:36.0907 5496 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:21:37.0000 5496 DXGKrnl - ok 22:21:37.0047 5496 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 22:21:37.0141 5496 EapHost - ok 22:21:37.0250 5496 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 22:21:37.0499 5496 ebdrv - ok 22:21:37.0531 5496 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 22:21:37.0577 5496 EFS - ok 22:21:37.0640 5496 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:21:37.0796 5496 ehRecvr - ok 22:21:37.0827 5496 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 22:21:37.0921 5496 ehSched - ok 22:21:37.0952 5496 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 22:21:38.0014 5496 elxstor - ok 22:21:38.0061 5496 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:21:38.0123 5496 ErrDev - ok 22:21:38.0170 5496 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 22:21:38.0295 5496 EventSystem - ok 22:21:38.0373 5496 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 22:21:38.0467 5496 exfat - ok 22:21:38.0498 5496 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:21:38.0607 5496 fastfat - ok 22:21:38.0654 5496 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 22:21:38.0747 5496 Fax - ok 22:21:38.0779 5496 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 22:21:38.0825 5496 fdc - ok 22:21:38.0857 5496 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost 
C:\Windows\system32\fdPHost.dll 22:21:38.0966 5496 fdPHost - ok 22:21:38.0997 5496 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 22:21:39.0106 5496 FDResPub - ok 22:21:39.0137 5496 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:21:39.0169 5496 FileInfo - ok 22:21:39.0184 5496 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:21:39.0325 5496 Filetrace - ok 22:21:39.0434 5496 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 22:21:39.0527 5496 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 22:21:39.0527 5496 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 22:21:39.0559 5496 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 22:21:39.0605 5496 flpydisk - ok 22:21:39.0652 5496 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:21:39.0699 5496 FltMgr - ok 22:21:39.0824 5496 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 22:21:39.0933 5496 FontCache - ok 22:21:40.0011 5496 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:21:40.0058 5496 FontCache3.0.0.0 - ok 22:21:40.0089 5496 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:21:40.0136 5496 FsDepends - ok 22:21:40.0183 5496 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 22:21:40.0214 5496 fssfltr - ok 22:21:40.0401 5496 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 22:21:40.0697 5496 fsssvc - ok 22:21:40.0760 5496 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:21:40.0775 5496 Fs_Rec - ok 22:21:40.0838 
5496 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:21:40.0885 5496 fvevol - ok 22:21:40.0916 5496 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 22:21:40.0978 5496 gagp30kx - ok 22:21:41.0041 5496 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:21:41.0072 5496 GEARAspiWDM - ok 22:21:41.0134 5496 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 22:21:41.0275 5496 gpsvc - ok 22:21:41.0353 5496 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:21:41.0384 5496 gupdate - ok 22:21:41.0431 5496 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:21:41.0446 5496 gupdatem - ok 22:21:41.0493 5496 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:21:41.0555 5496 hcw85cir - ok 22:21:41.0602 5496 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:21:41.0665 5496 HdAudAddService - ok 22:21:41.0696 5496 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 22:21:41.0758 5496 HDAudBus - ok 22:21:41.0836 5496 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 22:21:41.0867 5496 HECIx64 - ok 22:21:41.0899 5496 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 22:21:41.0961 5496 HidBatt - ok 22:21:41.0992 5496 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 22:21:42.0055 5496 HidBth - ok 22:21:42.0101 5496 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 22:21:42.0164 5496 HidIr - ok 22:21:42.0179 5496 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 22:21:42.0304 5496 hidserv - ok 22:21:42.0367 5496 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb 
C:\Windows\system32\drivers\hidusb.sys 22:21:42.0398 5496 HidUsb - ok 22:21:42.0460 5496 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:21:42.0554 5496 hkmsvc - ok 22:21:42.0601 5496 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:21:42.0663 5496 HomeGroupListener - ok 22:21:42.0725 5496 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:21:42.0772 5496 HomeGroupProvider - ok 22:21:42.0928 5496 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 22:21:42.0975 5496 hpqcxs08 - ok 22:21:43.0037 5496 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 22:21:43.0053 5496 hpqddsvc - ok 22:21:43.0084 5496 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:21:43.0115 5496 HpSAMD - ok 22:21:43.0225 5496 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 22:21:43.0303 5496 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 22:21:43.0303 5496 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 22:21:43.0349 5496 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:21:43.0521 5496 HTTP - ok 22:21:43.0599 5496 [ CDAA8E257BB625B2387219E605DDE37D ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 22:21:43.0693 5496 hwdatacard - ok 22:21:43.0724 5496 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:21:43.0755 5496 hwpolicy - ok 22:21:43.0833 5496 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 22:21:43.0864 5496 i8042prt - ok 22:21:43.0927 5496 [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor C:\Windows\system32\drivers\iaStor.sys 22:21:43.0973 5496 iaStor - ok 22:21:44.0036 5496 [ CC800D2D9FD467542BAC7C186C4774AD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid 
Storage Technology\IAStorDataMgrSvc.exe 22:21:44.0051 5496 IAStorDataMgrSvc - ok 22:21:44.0098 5496 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:21:44.0161 5496 iaStorV - ok 22:21:44.0223 5496 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:21:44.0363 5496 idsvc - ok 22:21:44.0613 5496 [ 31D1AFF484D8A0906CF8D44251EC390F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 22:21:45.0003 5496 igfx ( UnsignedFile.Multi.Generic ) - warning 22:21:45.0003 5496 igfx - detected UnsignedFile.Multi.Generic (1) 22:21:45.0050 5496 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 22:21:45.0081 5496 iirsp - ok 22:21:45.0143 5496 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 22:21:45.0268 5496 IKEEXT - ok 22:21:45.0346 5496 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 22:21:45.0377 5496 Impcd - ok 22:21:45.0487 5496 [ 0F144E5F46CB9043004B5E84AA4BCA6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 22:21:45.0721 5496 IntcAzAudAddService - ok 22:21:45.0767 5496 [ 408B401CD7CDB075C7470B0FF7BA8D0B ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 22:21:45.0814 5496 IntcDAud ( UnsignedFile.Multi.Generic ) - warning 22:21:45.0814 5496 IntcDAud - detected UnsignedFile.Multi.Generic (1) 22:21:45.0845 5496 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 22:21:45.0892 5496 intelide - ok 22:21:45.0939 5496 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys 22:21:45.0986 5496 intelppm - ok 22:21:46.0017 5496 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:21:46.0142 5496 IPBusEnum - ok 22:21:46.0189 5496 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:21:46.0298 5496 IpFilterDriver - ok 22:21:46.0329 
5496 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:21:46.0423 5496 iphlpsvc - ok 22:21:46.0454 5496 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:21:46.0501 5496 IPMIDRV - ok 22:21:46.0547 5496 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:21:46.0672 5496 IPNAT - ok 22:21:46.0719 5496 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 22:21:46.0797 5496 iPod Service - ok 22:21:46.0828 5496 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:21:46.0969 5496 IRENUM - ok 22:21:47.0031 5496 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:21:47.0062 5496 isapnp - ok 22:21:47.0109 5496 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:21:47.0156 5496 iScsiPrt - ok 22:21:47.0171 5496 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 22:21:47.0203 5496 kbdclass - ok 22:21:47.0234 5496 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 22:21:47.0281 5496 kbdhid - ok 22:21:47.0312 5496 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 22:21:47.0327 5496 KeyIso - ok 22:21:47.0390 5496 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:21:47.0421 5496 KSecDD - ok 22:21:47.0452 5496 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:21:47.0499 5496 KSecPkg - ok 22:21:47.0530 5496 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:21:47.0639 5496 ksthunk - ok 22:21:47.0686 5496 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 22:21:47.0827 5496 KtmRm - ok 22:21:47.0873 5496 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 22:21:47.0983 5496 LanmanServer - ok 
22:21:48.0029 5496 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:21:48.0123 5496 LanmanWorkstation - ok 22:21:48.0185 5496 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:21:48.0295 5496 lltdio - ok 22:21:48.0326 5496 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:21:48.0451 5496 lltdsvc - ok 22:21:48.0466 5496 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:21:48.0560 5496 lmhosts - ok 22:21:48.0622 5496 [ 5460828F8951D310B42B442877603B8D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 22:21:48.0653 5496 LMS - ok 22:21:48.0685 5496 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 22:21:48.0716 5496 LSI_FC - ok 22:21:48.0731 5496 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 22:21:48.0778 5496 LSI_SAS - ok 22:21:48.0809 5496 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 22:21:48.0841 5496 LSI_SAS2 - ok 22:21:48.0872 5496 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 22:21:48.0919 5496 LSI_SCSI - ok 22:21:48.0934 5496 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 22:21:49.0075 5496 luafv - ok 22:21:49.0121 5496 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 22:21:49.0137 5496 MBAMProtector - ok 22:21:49.0215 5496 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 22:21:49.0246 5496 MBAMScheduler - ok 22:21:49.0277 5496 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 22:21:49.0309 5496 MBAMService - ok 22:21:49.0355 5496 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:21:49.0387 5496 Mcx2Svc - ok 
22:21:49.0433 5496 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 22:21:49.0465 5496 megasas - ok 22:21:49.0511 5496 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 22:21:49.0558 5496 MegaSR - ok 22:21:49.0589 5496 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 22:21:49.0714 5496 MMCSS - ok 22:21:49.0730 5496 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:21:49.0855 5496 Modem - ok 22:21:49.0870 5496 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:21:49.0933 5496 monitor - ok 22:21:49.0979 5496 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 22:21:50.0026 5496 mouclass - ok 22:21:50.0057 5496 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys 22:21:50.0089 5496 mouhid - ok 22:21:50.0135 5496 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:21:50.0167 5496 mountmgr - ok 22:21:50.0245 5496 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:21:50.0307 5496 MozillaMaintenance - ok 22:21:50.0354 5496 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:21:50.0401 5496 mpio - ok 22:21:50.0416 5496 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:21:50.0525 5496 mpsdrv - ok 22:21:50.0557 5496 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:21:50.0697 5496 MpsSvc - ok 22:21:50.0728 5496 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:21:50.0806 5496 MRxDAV - ok 22:21:50.0837 5496 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:21:50.0900 5496 mrxsmb - ok 22:21:50.0931 5496 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:21:50.0993 5496 mrxsmb10 - ok 22:21:51.0025 5496 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:21:51.0087 5496 mrxsmb20 - ok 22:21:51.0134 5496 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 22:21:51.0165 5496 msahci - ok 22:21:51.0196 5496 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:21:51.0227 5496 msdsm - ok 22:21:51.0259 5496 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 22:21:51.0305 5496 MSDTC - ok 22:21:51.0337 5496 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:21:51.0430 5496 Msfs - ok 22:21:51.0461 5496 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:21:51.0555 5496 mshidkmdf - ok 22:21:51.0586 5496 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:21:51.0617 5496 msisadrv - ok 22:21:51.0680 5496 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:21:51.0789 5496 MSiSCSI - ok 22:21:51.0805 5496 msiserver - ok 22:21:51.0836 5496 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:21:51.0961 5496 MSKSSRV - ok 22:21:51.0976 5496 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:21:52.0085 5496 MSPCLOCK - ok 22:21:52.0101 5496 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:21:52.0226 5496 MSPQM - ok 22:21:52.0273 5496 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:21:52.0319 5496 MsRPC - ok 22:21:52.0382 5496 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:21:52.0397 5496 mssmbios - ok 22:21:52.0429 5496 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:21:52.0538 5496 MSTEE - ok 22:21:52.0569 5496 [ 
7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 22:21:52.0616 5496 MTConfig - ok 22:21:52.0647 5496 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 22:21:52.0678 5496 Mup - ok 22:21:52.0725 5496 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 22:21:52.0850 5496 napagent - ok 22:21:52.0912 5496 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:21:53.0006 5496 NativeWifiP - ok 22:21:53.0099 5496 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:21:53.0177 5496 NDIS - ok 22:21:53.0224 5496 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:21:53.0349 5496 NdisCap - ok 22:21:53.0365 5496 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:21:53.0474 5496 NdisTapi - ok 22:21:53.0505 5496 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:21:53.0614 5496 Ndisuio - ok 22:21:53.0645 5496 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:21:53.0770 5496 NdisWan - ok 22:21:53.0801 5496 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:21:53.0926 5496 NDProxy - ok 22:21:53.0989 5496 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 22:21:54.0020 5496 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 22:21:54.0020 5496 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 22:21:54.0082 5496 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:21:54.0191 5496 NetBIOS - ok 22:21:54.0238 5496 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:21:54.0363 5496 NetBT - ok 22:21:54.0394 5496 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 22:21:54.0425 5496 Netlogon - ok 22:21:54.0472 5496 
22:22:23.0770 5496 ============================================================
22:22:23.0770 5496 Scan finished
22:22:23.0770 5496 ============================================================
22:22:23.0786 0240 Detected object count: 10
22:22:23.0786 0240 Actual detected object count: 10
22:24:13.0114 0240 acedrv05 ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0114 0240 acedrv05 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:24:13.0114 0240 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0114 0240 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:24:13.0114 0240 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0114 0240 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:24:13.0129 0240 igfx ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0129 0240 igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:24:13.0129 0240 IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0129 0240 IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:24:13.0129 0240 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0129 0240 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:24:13.0129 0240 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0129 0240 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:24:13.0129 0240 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0129 0240 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:24:13.0129 0240 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0129 0240 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:24:13.0145 0240 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0145 0240 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13.01.2013, 18:37 | #9 | |
/// Malware-holic | GVU Trojan (Paysafe) combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ - Please forward suspicious emails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward emails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
13.01.2013, 19:14 | #10 |
| GVU Trojan (Paysafe) Hello, once again many thanks for this too. I could not remove and close Avira Antivir from the Task Manager, but I set it to "Disable". Hopefully that worked... Here is the log: Code:
ATTFilter ComboFix 13-01-13.01 - mhvn 13.01.2013 18:53:28.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3950.1902 [GMT 1:00] ausgeführt von:: c:\users\mhvn\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ras_0oed.pad c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-13 bis 2013-01-13 )))))))))))))))))))))))))))))) . . 2013-01-13 18:03 . 2013-01-13 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-11 21:32 . 2013-01-11 21:32 -------- d-----w- C:\tdsskiller 2013-01-09 22:31 . 2013-01-09 22:31 -------- d-----w- c:\users\mhvn\AppData\Roaming\Malwarebytes 2013-01-09 22:31 . 2013-01-09 22:31 -------- d-----w- c:\programdata\Malwarebytes 2013-01-09 22:31 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-09 22:31 . 2013-01-09 22:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-09 22:26 . 2013-01-09 22:26 -------- d-----w- c:\program files (x86)\ESET 2013-01-09 21:46 . 2013-01-09 21:21 9650656 ----a-w- C:\hitmanpro_x64.exe 2013-01-09 21:25 . 2013-01-11 06:50 -------- d-----w- c:\programdata\HitmanPro 2013-01-09 21:24 . 2013-01-09 21:25 -------- d-----w- C:\Stick 2013-01-09 06:51 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-04 20:57 . 2013-01-04 20:57 -------- d-----w- c:\users\mhvn\AppData\Roaming\TuneUp Software 2013-01-04 20:56 . 2013-01-04 20:57 -------- d-----w- c:\programdata\TuneUp Software 2013-01-04 20:55 . 2013-01-04 21:04 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-01-04 20:55 . 
2013-01-04 20:55 -------- d--h--w- c:\programdata\Common Files 2012-12-21 07:40 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 07:40 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 07:40 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 07:40 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 07:07 . 2010-05-30 23:46 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-08 20:57 . 2012-07-01 13:13 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-08 20:57 . 2012-01-03 11:58 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-13 20:29 . 2012-11-24 17:45 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-12-13 20:29 . 2012-11-24 17:45 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-11-30 04:45 . 2013-01-09 06:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-17 22:05 . 2012-11-17 22:05 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-17 22:05 . 2012-06-07 14:04 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-11-17 22:05 . 2010-07-01 04:53 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-14 07:06 . 2012-12-13 22:07 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-13 22:07 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-13 22:08 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-13 22:08 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-13 22:08 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-13 22:08 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-13 22:08 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 
2012-12-13 22:08 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-13 22:08 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-13 22:08 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-13 22:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-13 22:08 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-13 22:08 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-13 22:08 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-13 22:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-13 22:08 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-13 22:08 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-13 22:08 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 22:08 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-13 22:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 22:08 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-13 22:08 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-13 19:15 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-13 19:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-08 17:24 . 2012-11-23 17:07 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22DE01DA-6B89-473C-8E23-6387A5BC0625}\mpengine.dll 2012-11-02 05:59 . 2012-12-13 19:15 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-13 19:15 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-16 08:38 . 2012-11-28 17:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 17:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 
2012-11-28 17:35 561664 ----a-w- c:\windows\apppatch\AcLayers.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792] "FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-10-25 162408] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-13 384800] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-12-01 21:03 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" "MarketingTools"=c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104] R3 DIRECTIO;DIRECTIO;f:\burnintest\DirectIo.sys [x] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-11-13 151936] R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104] R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048] R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files 
(x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [2010-12-18 21200] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-20 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-06-24 376400] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 202752] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-13 85280] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2009-11-06 93696] S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2009-09-15 75776] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 
2\uCamMonitor.exe [2008-09-18 104960] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920] S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416] S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-19 386416] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-12-14 56344] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 20:57] . 2013-01-13 c:\windows\Tasks\DMEPeriodicTask.job - c:\program files (x86)\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16 06:17] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 08:03] . 
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 08:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to &Evernote - c:\program files (x86)\Evernote\Evernote3.5\enbar.dll/2000 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.2.110/codebase/DVM_IPCam2.ocx DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - ProfilePath - c:\users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=8da3f1a1-07c1-495b-91dc-cc54b95ef181&apn_ptnrs=%5EAGS&apn_sauid=3EF5C33D-81F1-4A74-9F47-5A1EEB536A57&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q= FF - ExtSQL: !HIDDEN! 
2010-07-21 00:07; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-mcmscsvc SafeBoot-MCODS HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-13 19:09:26 ComboFix-quarantined-files.txt 2013-01-13 18:09 . Vor Suchlauf: 18 Verzeichnis(se), 394.779.140.096 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 393.778.749.440 Bytes frei . - - End Of File - - A618D790397E37A836EC35C59C70AA41 |
13.01.2013, 21:15 | #11 |
/// Malware-holic | GVU Trojaner (Paysafe) Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open that file. After each program you need, write "notwendig" (necessary). After each one you do not need, "unnötig" (unnecessary). After those you do not recognise, "unbekannt" (unknown). Post the list.
|
13.01.2013, 23:38 | #12 |
| GVU Trojaner (Paysafe) Here you go: Code:
ATTFilter 7-Zip 9.14 beta 18.06.2010, notwendig Adobe AIR Adobe Systems Incorporated 16.10.2012 3.4.0.2710, unbekannt Adobe Dreamweaver CS3 Adobe Systems Incorporated 27.05.2010 861MB 9.0, notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.01.2013 6,00MB 11.5.502.146, notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.01.2013 6,00MB 11.5.502.146, notwendig Adobe Photoshop CS3 Adobe Systems Incorporated 27.05.2010 1,10GB 10.0, notwendig Adobe Reader 9.5.3 - Deutsch Adobe Systems Incorporated 13.01.2013 119MB 9.5.3, notwendig Apple Application Support Apple Inc. 03.08.2012 61,0MB 2.1.9, unnötig Apple Mobile Device Support Apple Inc. 03.08.2012 24,9MB 5.2.0.6, unnötig Apple Software Update Apple Inc. 03.08.2012 2,38MB 2.1.3.127, unnötig ArcSoft Magic-i Visual Effects 2 ArcSoft 26.05.2010 2.0.1.85, unbekannt ArcSoft WebCam Companion 3 ArcSoft 26.05.2010 3.0.21.278, unbekannt ATI Catalyst Install Manager ATI Technologies, Inc. 18.12.2010 22,2MB 3.0.769.0, notwendig Avery Wizard 3.1 Avery 30.09.2010 13,5MB 3.1.8, notwendig Avira Free Antivirus Avira 13.12.2012 128MB 13.0.0.2890, notwendig CCleaner Piriform 22.08.2012 3.22, notwendig Compatibility Pack für 2007 Office System Microsoft Corporation 09.01.2013 226MB 12.0.6612.1000, notwendig CutePDF Writer 2.8 28.05.2010, , notwendig DATA BECKER CD-Druckerei 6 24.06.2010 6.00.000, , notwendig DesignPro 5 Avery Dennison 30.09.2010 18,1MB 5.5.708, , notwendig Einstellungen für VAIO-Inhaltsüberwachung Sony Corporation 23.02.2010. , notwendig ElsterFormular-Upgrade Landesfinanzdirektion Thüringen 04.08.2012 13.3.0.9066, notwendig Eraser 6.0.7.1893 The Eraser Project 19.06.2010 2,32MB 6.7.1893, notwendig Evernote Evernote Corp. 23.02.2010 53,1MB 3.5.0.545, unbekannt Facebook Plug-In Facebook, Inc. 15.06.2010, unnötig Free WMA to MP3 Converter 1.16 Jodix Technologies Ltd. 
18.09.2011, unnötig FreePDF (Remove only) 30.11.2010, notwendig Google Earth Google 25.11.2011 92,7MB 6.1.0.5001, unnötig GPL Ghostscript 8.71 28.05.2010, unbekannt HP Customer Participation Program 14.0 HP 28.08.2011 14.0, notwendig HP Imaging Device Functions 14.0 HP 28.08.2011 14.0, notwendig HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5 HP 28.08.2011 14.0, notwendig HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6 HP 03.01.2012 14.0, notwendig HP Print Projects 1.0 HP 07.07.2010 1.0, notwendig HP Product Detection HP 07.05.2012 1,86MB 11.14.0001, notwendig HP Smart Web Printing 4.60 HP 20.07.2010 4.60, notwendig HP Solution Center 14.0 HP 03.01.2012 14.0, notwendig HP Update Hewlett-Packard 27.12.2011 3,98MB 5.003.001.001, notwendig Intel(R) Control Center Intel Corporation 23.02.2010 1.2.1.1007, unbekannt Intel(R) Management Engine Components Intel Corporation 23.02.2010 6.0.0.1179, unbekannt Intel(R) Rapid Storage Technology Intel Corporation 23.02.2010 9.5.4.1001, unbekannt Intel(R) Turbo Boost Technology Driver Intel Corporation 23.02.2010 01.00.01.1002, unbekannt IP Camera 17.08.2010, unbekannt, notwendig IrfanView (remove only) Irfan Skiljan 28.05.2010 1,50MB 4.27, notwendig iTunes Apple Inc. 03.08.2012 184MB 10.6.3.25, unwichtig Japanese Fonts Support For Adobe Reader 9 Adobe Systems Incorporated 18.07.2010 16,4MB 9.0.0, unwichtig Java 2 Runtime Environment Standard Edition 1.3.1_20 20.06.2010, unbekannt Java 7 Update 9 Oracle 17.11.2012 128MB 7.0.90, unbekannt Java(TM) 6 Update 16 (64-bit) Sun Microsystems, Inc. 23.02.2010 90,8MB 6.0.160, unbekannt Java(TM) 6 Update 32 Oracle 07.06.2012 95,7MB 6.0.320, unbekannt Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 09.01.2013 18,4MB 1.70.0.1100, unnötig? 
Media Gallery Sony Corporation 23.02.2010 1.1.1.11200, unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 19.12.2010 38,8MB 4.0.30319, unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 19.12.2010 2,93MB 4.0.30319, unknown
Microsoft Office File Validation Add-In Microsoft Corporation 18.09.2011 7,95MB 14.0.5130.5003, unknown
Microsoft Office Live Add-in 1.5 Microsoft Corporation 16.07.2012 508KB 2.0.4024.1, unknown
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 09.01.2013 29,8MB 12.0.6612.1000, unknown
Microsoft Office Small Business Edition 2003 Microsoft Corporation 09.01.2013 1,09GB 11.0.8173.0, unknown
Microsoft Office Suite Activation Assistant Microsoft Corporation 23.02.2010 8,36MB 2.9, unknown
Microsoft Silverlight Microsoft Corporation 27.06.2012 40,3MB 4.1.10329.0, unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 23.02.2010 1,72MB 3.1.0000, unknown
Microsoft SQL Server Compact 3.5 SP1 English Microsoft Corporation 23.02.2010 2,59MB 3.5.5692.0, unknown
Microsoft SQL Server Compact 3.5 SP1 x64 English Microsoft Corporation 23.02.2010 3,69MB 3.5.5692.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 13.12.2010 258KB 8.0.50727.4053, unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 13.12.2010 250KB 8.0.50727.4053, unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 8.0.61001, unknown
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 23.02.2010 708KB 8.0.61000, unknown
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 18.05.2011 580KB 8.0.51011, unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 03.06.2011 198KB 9.0.30729.4148, unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 18.05.2011 790KB 9.0.30729.5570, unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 18.12.2010 784KB 9.0.30729.4148, unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.06.2011 788KB 9.0.30729.6161, unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 01.06.2011 600KB 9.0.30729, unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161, unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 26.11.2012 1,31MB 10.0.40219, unknown
Microsoft Works Microsoft Corporation 10.10.2012 1,01GB 9.7.0621, unknown
Mozilla Firefox 18.0 (x86 de) Mozilla 11.01.2013 46,4MB 18.0, necessary
Mozilla Maintenance Service Mozilla 11.01.2013 330KB 18.0, unknown
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 27.05.2010 1,27MB 4.20.9870.0, unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 27.05.2010 1,33MB 4.20.9876.0, unknown
MusicStation Omnifone 23.02.2010 21,4MB 2.0.0.1067, unknown
PDF24 Creator 4.9.0 PDF24.org 29.10.2012 33,9MB, necessary
PMB Sony Corporation 31.05.2010 276MB 5.1.00.13280, unknown
PMB VAIO Edition Guide Sony Corporation 31.05.2010 72,3MB 1.2.00.15250, necessary
PMB VAIO Edition plug-in (VAIO Image Optimizer) Sony Corporation 31.05.2010 54,8MB 1.2.00.15250, necessary
PMB VAIO Edition plug-in (VAIO Movie Story) Sony Corporation 31.05.2010 69,5MB 2.2.00.15250, necessary
ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 24.06.2010 11.0.0.10, unknown
QuickTime Apple Inc. 28.12.2010 73,7MB 7.69.80.9, unimportant
Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 23.02.2010 6.0.1.5992, necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 30.05.2010 6.0.1.5992, necessary
RedMon - Redirection Port Monitor 28.05.2010, unknown
Roxio Easy Media Creator 10 LJ Roxio 26.05.2010 125MB 10.3, unknown
Setting Utility Series Sony Corporation 23.02.2010 5.1.0.11200, necessary
Shop for HP Supplies HP 28.08.2011 14.0, unknown
Skype™ 5.10 Skype Technologies S.A. 29.08.2012 19,4MB 5.10.116, necessary
Sony Home Network Library Sony Corporation 23.02.2010 2.0.1.10160, necessary
Spybot - Search & Destroy Safer Networking Limited 13.02.2011 1.6.2, necessary
Surf & E-Mail-Stick Huawei Technologies Co.,Ltd 17.08.2010 11.301.08.00.35, necessary
svBuilder SimpleViewer Inc 16.10.2012 2.3.1, unimportant
Synaptics Pointing Device Driver Synaptics Incorporated 23.02.2010 14.0.10.0, unknown
Tinypic 3.14 E. Fiedler 19.08.2011 Tinypic 3.14, unknown
Universal Document Converter (Demo) fCoder Group, Inc. 08.06.2012 5.3, unknown
VAIO Care Sony Corporation 20.12.2011 6.4.2.11150, necessary
VAIO Content Metadata Intelligent Analyzing Manager Sony Corporation 23.02.2010 3.6.0.09250, necessary
VAIO Content Metadata Intelligent Network Service Manager Sony Corporation 31.05.2010 3.7.0.14191, necessary
VAIO Content Metadata Manager Settings Sony Corporation 31.05.2010 3.7.0.13221, necessary
VAIO Content Metadata XML Interface Library Sony Corporation 31.05.2010 3.7.0.14191, necessary
VAIO Control Center Sony Corporation 18.12.2010 4.1.1.07160, necessary
VAIO Data Restore Tool Sony Corporation 23.02.2010 1.2.0.09150, necessary
VAIO DVD Menu Data Sony Corporation 23.02.2010 2.0.00.10130, necessary
VAIO Energie Verwaltung Sony Corporation 23.02.2010 5.0.0.11300, necessary
VAIO Entertainment Platform Sony Corporation 23.02.2010 3.6.0.09150, necessary
VAIO Event Service Sony Corporation 23.02.2010 5.1.0.12010, necessary
VAIO Gate Sony Corporation 18.12.2010 2.2.1.09131, necessary
VAIO Gate Default Sony Corporation 23.02.2010 1.0.0.10290, necessary
VAIO Marketing Tools Sony Corporation 26.05.2010, necessary
VAIO Media plus Sony Corporation 23.02.2010 2.0.1.10160, necessary
VAIO Media plus Opening Movie Sony Corporation 23.02.2010 1.2.0.09100, necessary
VAIO Movie Story Template Data Sony Corporation 23.02.2010 438MB 2.0.00.09240, necessary
VAIO Original Funktion Einstellungen Sony Corporation 23.02.2010 2.0.0.07010, necessary
VAIO Personalization Manager Sony Corporation 23.02.2010 2.0.0.06220, necessary
VAIO Premium Partners Sony Europe 26.05.2010 1.0, necessary
VAIO Quick Web Access Sony Corporation 18.12.2010 303MB 1.3.1.7, necessary
VAIO screensaver Sony Europe 26.05.2010 1.0.0.0, necessary
VAIO Smart Network Sony Corporation 18.12.2010 3.3.1.08110, necessary
VAIO Update Sony Corporation 12.01.2013 6.1.1.10250, necessary
VAIO Wallpaper Contents Sony Corporation 23.02.2010 2.0.0.06010, necessary
VAIO-Support für Übertragungen Sony Corporation 01.07.2010 1.1.2.06030, necessary
VLC media player 1.0.5 VideoLAN Team 26.05.2010 1.0.5, necessary
WIDCOMM Bluetooth Software Broadcom Corporation 29.01.2010 144MB 6.2.1.500, unknown
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) Broadcom 26.05.2010 09/09/2009 6.2.0.9405, unknown
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Broadcom 26.05.2010 07/28/2009 6.2.0.9800, unknown
Windows Live Essentials Microsoft Corporation 26.06.2012 15.4.3555.0308, unknown
Windows Live Sync Microsoft Corporation 12.12.2010 2,79MB 14.0.8117.416, unknown
Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) Nokia 23.09.2010 06/09/2010 4.5, unknown
Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) Nokia 23.09.2010 06/09/2010 7.01.0.7, unknown
WinRAR 27.05.2010, necessary |
14.01.2013, 20:33 | #13 |
/// Malware-holic | GVU Trojaner (Paysafe)

Uninstall:
Adobe Flash Player: all

Adobe - Install Adobe Flash Player
Download the latest version and install it.

Adobe Reader:
Adobe - Download Adobe Reader - All versions
Remove the check mark for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything here should be disabled. It is very unsafe to open, download, etc. PDFs automatically; it is always better to save them directly, because only then do you have control over what is happening on the PC.
JavaScript:
remove the check mark at "Enable JavaScript".
Updater:
choose install automatically.
Apply / OK.

Uninstall:
ArcSoft: both, if you don't use a cam.
Free WMA
Google Earth
iTunes
Japanese
Java: all

Download Java JRE:
Java downloads for all operating systems
Click: Download the Java software for Windows Offline
Download and install it.

Uninstall:
Media Gallery
QuickTime
Shop
Spybot: you can safely do without it, it is no longer particularly helpful.
svBuilder
Tinypic
Universal Document
Windows Live: all that are unnecessary for you

Open CCleaner, start the analysis, restart the PC.

Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
14.01.2013, 23:40 | #14 |
| GVU Trojaner (Paysafe) Adware Log Code:
# AdwCleaner v2.105 - Datei am 14/01/2013 um 23:39:25 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : mhvn -
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\mhvn\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\searchplugins\icqplugin-3.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\mhvn\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gefunden : HKU\S-1-5-21-3312566914-2936580668-3725363455-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKU\S-1-5-21-3312566914-2936580668-3725363455-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_v[...]
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&loc[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\mhvn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3470 octets] - [14/01/2013 23:39:25]

########## EOF - C:\AdwCleaner[R1].txt - [3530 octets] ########## |
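Added example, not part of the original thread: a small Python parser for an AdwCleaner v2 search report in the format posted above, grouping the findings by kind and pulling out the Firefox search preferences the tool listed. The sample report is constructed (made-up paths and URLs), and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the AdwCleaner v2.105 report above
# (German tool strings kept as the tool prints them; paths and URLs are made up).
SAMPLE = r"""# AdwCleaner v2.105 - Datei am 14/01/2013 um 23:39:25 erstellt
# Option [Suche]
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\Software\Conduit
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{00000000-0000-0000-0000-000000000000}]
***** [Internet Browser] *****
-\\ Mozilla Firefox v18.0 (de)
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("keyword.URL", "hxxp://search.example/redirect?src=kw&loc[...]
"""

OPTION_RE = re.compile(r"^# Option \[(.+?)\]")
FINDING_RE = re.compile(r"^(Datei|Ordner|Schlüssel|Wert) Gefunden : (.+)$")
PREF_RE = re.compile(r'^Gefunden : user_pref\("([^"]+)", "([^"]*)')
KIND = {"Datei": "file", "Ordner": "folder",
        "Schlüssel": "registry_key", "Wert": "registry_value"}
# Firefox preferences that the report on this page lists as changed.
SEARCH_PREFS = {"browser.search.defaultengine", "browser.search.defaultenginename",
                "browser.search.defaulturl", "browser.search.order.1", "keyword.URL"}

def parse_report(text):
    """Return the run option, findings grouped by kind, and all listed prefs."""
    option, findings, prefs = None, defaultdict(list), {}
    for line in map(str.strip, text.splitlines()):
        if m := OPTION_RE.match(line):
            option = m.group(1)
        elif m := FINDING_RE.match(line):
            findings[KIND[m.group(1)]].append(m.group(2))
        elif m := PREF_RE.match(line):
            prefs[m.group(1)] = m.group(2)
    return option, dict(findings), prefs

def flagged_search_prefs(prefs):
    """Keep search-related prefs; mark values the tool cut off with [...]."""
    return {k: {"value": v, "truncated": v.endswith("[...]")}
            for k, v in prefs.items() if k in SEARCH_PREFS}

if __name__ == "__main__":
    option, findings, prefs = parse_report(SAMPLE)
    print("run option:", option)
    for kind, items in findings.items():
        print(kind, len(items))
    for key, info in flagged_search_prefs(prefs).items():
        print(key, "=", info["value"], "(truncated)" if info["truncated"] else "")
```

A truncated value means the full URL has to be read from prefs.js itself before deciding what the preference pointed to.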
15.01.2013, 20:47 | #15 |
/// Malware-holic | GVU Trojaner (Paysafe) Hi, please download AdwCleaner to your desktop.
Please restart, test how the PC runs, and also test programs (e.g. the browser).