
Log analysis and evaluation: Unwanted software (and viruses?)

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.02.2013, 13:28   #1
Zalgado
 

Unwanted software (and viruses?)



Hello!
I downloaded various software and in the process picked up some unwanted things (e.g. GUI and others). Then a warning appeared (... this is probably not the site you selected...). When I try to open my mail program, the password dots appear immediately. In addition, the computer is noticeably slow.
I went through the points mentioned. Enclosed are the results from OTL (although I only got one scan) and, as an attachment, GMER.

Best regards and thanks in advance for your help! (If I did not do something quite right - sorry...)

OTL logfile created on: 03.02.2013 23:21:37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Alemanha | Language: DEU | Date Format: dd.MM.yyyy

1,97 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 45,43% Memory free
3,93 Gb Paging File | 2,12 Gb Available in Paging File | 53,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289,24 Gb Total Space | 208,15 Gb Free Space | 71,96% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 4,41 Gb Free Space | 56,49% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 3,67 Gb Free Space | 49,24% Space Free | Partition Type: FAT32
Drive M: | 7,45 Gb Total Space | 0,97 Gb Free Space | 13,06% Space Free | Partition Type: FAT32

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe ()
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (vToolbarUpdater14.0.1) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Arquivos de Programas\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (wlidsvc) -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Arquivos de Programas\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\drivers\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (StarOpen) -- C:\windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Atc002) -- C:\Windows\SysNative\drivers\l260x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (adfs) -- C:\windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV - (SASDIFSV) -- C:\Arquivos de Programas\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Arquivos de Programas\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (StarOpen) -- C:\windows\SysWow64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://br.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{4D7921D3-53C2-45B2-872C-90E12E119F96}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{9419F466-CE14-4815-9770-6E0ABF07029D}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={7F12B14F-71EC-47CC-B558-FC48D359C248}&mid=c14c28395cd447d0ab902524427bee8f-20a95f68f05b3e1dd4593d76b2ddf30e1d456162&lang=de&ds=bm012&pr=sa&d=2013-01-30 09:10:46&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{9AF1CD3F-F703-465F-B04C-1A3DE66B9B4E}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{F449D39B-A42A-452B-886F-D2B99472C29B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=pt_BR&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^BR&apn_uid=F3E38ACD-7F39-4777-8389-F70BF3112F5A&apn_sauid=C23E2D0E-758D-44CE-A0D5-052D60736B3E
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{F7277119-1255-44CD-863E-4883F42D083C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:1.7.5
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..network.proxy.autoconfig_url: ""
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=F3E38ACD-7F39-4777-8389-F70BF3112F5A&apn_ptnrs=U3&apn_sauid=C23E2D0E-758D-44CE-A0D5-052D60736B3E&apn_dtid=OSJ000YYBR&&q="
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.20 00:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.20 00:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.0.2.14 [2013.01.31 10:08:06 | 000,000,000 | ---D | M]

[2010.11.15 17:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rupi\AppData\Roaming\mozilla\Extensions
[2013.01.17 20:23:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rupi\AppData\Roaming\mozilla\Firefox\Profiles\ls0y5rg7.default\extensions
[2013.01.17 20:23:51 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Rupi\AppData\Roaming\mozilla\Firefox\Profiles\ls0y5rg7.default\extensions\toolbar@ask.com
[2013.01.17 20:23:51 | 000,002,308 | ---- | M] () -- C:\Users\Rupi\AppData\Roaming\mozilla\firefox\profiles\ls0y5rg7.default\searchplugins\askcom.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Disabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Disabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\windows\system32\Wat\npWatWeb.dll
CHR - Extension: Ask Toolbar = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\
CHR - Extension: YouTube = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DivX HiQ = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: WEB.DE MailCheck = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo\1.0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Secure Search = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.2.14_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Google Mail = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010.11.14 20:33:47 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Arquivos de Programas\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Arquivos de Programas\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Arquivos de Programas\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Arquivos de Programas\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000..\Run: [SUPERAntiSpyware] C:\Arquivos de Programas\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Rupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rupi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Anexar destino do link a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Anexar para um PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converter destino do link em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converter destino do link em um PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converter em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Anexar destino do link a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Anexar para um PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converter destino do link em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converter destino do link em um PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converter em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29B762E0-5162-4C3A-B299-FEADC381DF21}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{590104AA-A81F-48BA-B238-AA717E71B1AD}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5492288-61CF-44DA-92FD-4BABBF66C449}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - Unable to obtain root file information for disk G:\
O32 - AutoRun File - [2011.08.01 17:02:50 | 000,141,320 | ---- | M] () - M:\AUTORENVERTRAG-ruprecht-guenther.pdf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.03 22:53:40 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{2C8226DA-F19B-42CE-BE1F-5FE6883DFBB8}
[2013.02.03 10:53:01 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{BB0514BC-F638-49F6-A651-AFEB3DA0E570}
[2013.02.02 18:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.02.02 14:32:49 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{E3D3B57D-7161-4EB4-9898-0B128F25FC33}
[2013.02.02 14:19:33 | 000,000,000 | ---D | C] -- C:\FFOutput
[2013.02.02 14:19:00 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2013.02.02 14:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime
[2013.02.02 14:01:26 | 000,000,000 | ---D | C] -- C:\windows\de
[2013.02.02 13:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.02.02 13:54:04 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2013.02.02 13:32:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.02 12:50:29 | 000,000,000 | ---D | C] -- C:\Users\Rupi\Documents\NeroVideo
[2013.02.02 12:50:27 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\Nero_AG
[2013.02.02 12:49:41 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\Nero
[2013.02.02 11:49:50 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{537C9110-EEFA-4C8E-A8A6-412C21BADD1D}
[2013.01.31 18:46:38 | 000,000,000 | ---D | C] -- C:\Users\Rupi\Documents\Video
[2013.01.31 18:04:56 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\Audacity
[2013.01.31 18:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.01.31 17:27:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.31 17:23:19 | 000,000,000 | ---D | C] -- C:\Users\Rupi\.DVDslideshowGUI
[2013.01.31 17:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013.01.31 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013.01.31 17:22:50 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUI for dvdauthor
[2013.01.31 17:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GUI for dvdauthor
[2013.01.31 17:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GUI for dvdauthor
[2013.01.31 17:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AvsP
[2013.01.31 17:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AvsP
[2013.01.31 17:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013.01.31 17:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013.01.31 17:22:30 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2013.01.31 17:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2013.01.31 17:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2013.01.31 17:21:52 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Rupi\AppData\Roaming\SetupGFD.exe
[2013.01.31 17:21:28 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Rupi\AppData\Roaming\Imgburn.exe
[2013.01.31 17:21:15 | 005,082,084 | ---- | C] (The Public) -- C:\Users\Rupi\AppData\Roaming\Avisynth.exe
[2013.01.30 21:07:01 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\vlc
[2013.01.30 21:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.30 21:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.01.30 09:11:27 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\AVG Secure Search
[2013.01.30 09:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2013.01.30 09:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013.01.30 09:10:34 | 000,037,720 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013.01.30 09:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013.01.30 09:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013.01.30 09:09:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.29 12:29:05 | 000,000,000 | ---D | C] -- C:\Users\Rupi\Documents\Any Video Converter
[2013.01.29 12:27:23 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\AnvSoft
[2013.01.29 12:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2013.01.29 12:24:31 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\Programs
[2013.01.28 10:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013.01.28 10:31:00 | 000,000,000 | R--D | C] -- C:\Users\Rupi\SkyDrive
[2013.01.28 10:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.01.27 23:02:22 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{1014C13E-8395-4838-BEB5-A4E785846E8D}
[2013.01.27 11:01:48 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{36F5324B-9194-4840-BF57-6C2027866100}
[2013.01.26 22:35:18 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{7DB0E683-5C6D-4C3F-B245-5A117B69F71F}
[2013.01.25 20:54:06 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{FB5F0E9C-B411-432D-905A-1687AB045175}
[2013.01.25 08:37:24 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{F3AF167F-D223-4702-BFDE-E18882B897CA}
[2013.01.24 11:16:44 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{55A458DC-2F66-4C67-9CF4-CB088611AFD1}
[2013.01.23 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{C3193ACF-578F-42A1-BCE9-46E91A83D922}
[2013.01.22 12:19:33 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{78B39860-4AB6-451C-9124-DF26F5E09624}
[2013.01.21 20:36:33 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{0ECD9C6D-BABE-4604-8C09-7D8A7918ABAD}
[2013.01.21 12:37:52 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{9B3BFD74-617E-417C-BB37-2307046EABA6}
[2013.01.20 22:30:14 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{723B9E8E-C385-4EA8-BD58-128D026CE4BE}
[2013.01.20 10:29:43 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{6181E1F3-1625-43EC-B1D5-5A4DBA56F145}
[2013.01.19 19:22:09 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{FBD9D36E-E6C6-466B-B03E-0930F42B2703}
[2013.01.18 21:36:48 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{AA7BAFBE-B44E-4F62-B2BE-C8C16B4864D7}
[2013.01.18 09:36:04 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{7FFEC400-9915-4A84-A22F-98A29CAD81E4}
[2013.01.17 21:35:28 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{52DC8E4E-6284-488E-AAA8-A439391D5361}
[2013.01.17 20:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.01.17 20:23:40 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\APN
[2013.01.17 17:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013.01.17 10:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Mail & Media
[2013.01.17 09:35:00 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{20698CBA-D5DC-44D7-BE6D-2680DA66F87C}
[2013.01.16 11:47:25 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{F024962B-0E62-4639-A3D2-0433B966B0F1}
[2013.01.15 21:47:04 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{3742B625-8C70-4419-B73A-D2997668FAF1}
[2013.01.15 09:46:27 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{B50A2EEE-ECBD-4B95-B053-6C18ADE6A903}
[2013.01.14 21:45:56 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{8A4D8B2A-8DA2-4CF3-A03D-9A996157A1DF}
[2013.01.14 09:45:12 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{4A9F3E6C-0282-42E4-817F-373F9DFA8B09}
[2013.01.13 19:44:22 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{C6F649CE-7333-4582-B431-FA4070331DB4}
[2013.01.12 16:19:04 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{9B3CB9A9-FDDF-426E-BD32-862E06AFE893}
[2013.01.12 12:12:40 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{584766E2-82AD-41FF-8020-74DA926580F1}
[2013.01.11 23:15:09 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{0099E5D4-0B8E-4248-A7EE-4BFAA74E12F3}
[2013.01.11 10:12:32 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{FA8584DE-A524-45FE-A6EA-FE684BB9ABE3}
[2013.01.10 22:11:54 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{9DE97496-1434-4E31-9A8F-B087C9D17953}
[2013.01.10 10:11:04 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{77C3B87B-E23F-45D8-ADA8-53517DE6D26D}
[2013.01.08 12:34:06 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{FCB4975C-7C05-48D7-8FC6-648C61CCD6AB}
[2013.01.07 23:16:34 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{3B65230F-5278-4C8D-BE6D-A14E743E1D74}
[2013.01.07 11:12:54 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{50492BA2-2DFC-4F75-B699-B5DA11020219}
[2013.01.06 23:12:17 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{D2C30C92-8D58-4D42-A2DF-1498F28C8CD1}
[2013.01.06 11:11:48 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{794313FD-D088-4A14-A75F-2D28D5D204C6}
[2013.01.06 10:30:30 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{A641D6F0-607E-48B7-BBFA-CD0039620424}
[2013.01.06 10:29:23 | 000,000,000 | ---D | C] -- C:\Users\Rupi\Documents\6.1.13
[2013.01.05 22:30:01 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{8273EDAA-5131-42F7-BA33-13EB38DA1333}
[2013.01.05 10:29:23 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{336B3873-8698-4877-87A9-CE0ECBDA28F0}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.03 23:27:16 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.03 23:26:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 23:24:26 | 000,016,416 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 23:24:26 | 000,016,416 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 23:16:35 | 000,001,060 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.03 23:16:33 | 000,000,356 | ---- | M] () -- C:\windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.02.03 23:16:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.02.03 23:16:07 | 1583,128,576 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.03 23:14:32 | 000,000,020 | ---- | M] () -- C:\Users\Rupi\defogger_reenable
[2013.02.03 13:08:55 | 000,978,074 | ---- | M] () -- C:\Users\Rupi\Documents\garota1.png
[2013.02.02 20:18:53 | 148,843,957 | ---- | M] () -- C:\Users\Rupi\Documents\Jambala.wmv
[2013.02.02 18:42:34 | 002,344,832 | ---- | M] () -- C:\Users\Rupi\Documents\Mein Film.wmv
[2013.02.02 18:18:38 | 019,082,704 | ---- | M] ( ) -- C:\Users\Rupi\Desktop\K-Lite_Codec_Pack_970_Full.exe
[2013.02.02 14:34:08 | 000,003,584 | ---- | M] () -- C:\Users\Rupi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.02 14:19:00 | 000,001,205 | ---- | M] () -- C:\Users\Rupi\Desktop\Format Factory.lnk
[2013.02.01 22:49:51 | 034,821,404 | ---- | M] () -- C:\Users\Rupi\Desktop\SAMBAvvvv.wav
[2013.02.01 14:36:29 | 034,821,404 | ---- | M] () -- C:\Users\Rupi\Desktop\SAMBAvvv.wav
[2013.02.01 14:23:47 | 034,821,404 | ---- | M] () -- C:\Users\Rupi\Desktop\SAMBAvv.wav
[2013.02.01 10:22:08 | 039,049,882 | ---- | M] () -- C:\Users\Rupi\Documents\Jambala neu.mp4
[2013.02.01 09:48:31 | 003,075,904 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.01.31 21:57:13 | 000,034,533 | ---- | M] () -- C:\Users\Rupi\Documents\Jambala neu.wlmp
[2013.01.31 18:04:41 | 000,001,014 | ---- | M] () -- C:\Users\Rupi\Desktop\Audacity.lnk
[2013.01.31 17:23:07 | 000,034,936 | ---- | M] () -- C:\windows\SysWow64\uninstHelixYUV.exe
[2013.01.31 17:22:40 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.01.31 17:22:03 | 007,760,687 | ---- | M] (Boraxsoft) -- C:\Users\Rupi\AppData\Roaming\SetupGFD.exe
[2013.01.31 17:21:52 | 005,243,208 | ---- | M] ( ) -- C:\Users\Rupi\AppData\Roaming\AvsP.exe
[2013.01.31 17:21:43 | 001,357,348 | ---- | M] () -- C:\Users\Rupi\AppData\Roaming\MatroskaSplitter.exe
[2013.01.31 17:21:39 | 000,117,723 | ---- | M] () -- C:\Users\Rupi\AppData\Roaming\yuvcodecs-1.3.exe
[2013.01.31 17:21:37 | 005,514,668 | ---- | M] (LIGHTNING UK!) -- C:\Users\Rupi\AppData\Roaming\Imgburn.exe
[2013.01.31 17:21:27 | 005,082,084 | ---- | M] (The Public) -- C:\Users\Rupi\AppData\Roaming\Avisynth.exe
[2013.01.31 10:06:40 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013.01.31 00:42:39 | 000,599,067 | ---- | M] () -- C:\Users\Rupi\Documents\forum.botfrei.de.png
[2013.01.30 21:56:41 | 004,228,258 | ---- | M] () -- C:\Users\Rupi\Documents\Jambalakurz.mp4
[2013.01.30 21:42:49 | 040,931,281 | ---- | M] () -- C:\Users\Rupi\Documents\Jambala.mp4
[2013.01.30 21:06:53 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.29 16:07:40 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.29 16:07:40 | 000,002,053 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.29 13:40:43 | 000,029,964 | ---- | M] () -- C:\Users\Rupi\Documents\Jambala.wlmp
[2013.01.29 11:15:06 | 075,737,972 | ---- | M] () -- C:\Users\Rupi\Documents\Jambala2.mp4
[2013.01.29 00:00:23 | 251,044,534 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.01.28 00:02:29 | 031,363,964 | ---- | M] () -- C:\Users\Rupi\Desktop\ANNA5vvvv.wav
[2013.01.27 17:46:08 | 031,363,964 | ---- | M] () -- C:\Users\Rupi\Desktop\ANNA5v.wav
[2013.01.24 11:18:47 | 000,001,017 | ---- | M] () -- C:\Users\Rupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.24 11:18:24 | 000,000,983 | ---- | M] () -- C:\Users\Rupi\Desktop\Dropbox.lnk
[2013.01.21 09:58:27 | 025,648,604 | ---- | M] () -- C:\Users\Rupi\Desktop\TAMOR3v7.wav
[2013.01.20 12:58:19 | 031,363,964 | ---- | M] () -- C:\Users\Rupi\Desktop\ANNAv5.wav
[2013.01.16 13:05:28 | 000,376,174 | ---- | M] () -- C:\Users\Rupi\Desktop\urubu2.png
[2013.01.16 13:02:32 | 000,554,544 | ---- | M] () -- C:\Users\Rupi\Desktop\urubu.png
[2013.01.14 22:07:08 | 001,599,152 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.14 22:07:08 | 000,687,894 | ---- | M] () -- C:\windows\SysNative\prfh0416.dat
[2013.01.14 22:07:08 | 000,639,478 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.14 22:07:08 | 000,139,854 | ---- | M] () -- C:\windows\SysNative\prfc0416.dat
[2013.01.14 22:07:08 | 000,116,808 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.12 16:17:35 | 000,002,262 | ---- | M] () -- C:\Users\Rupi\Desktop\Google Chrome.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.03 23:14:32 | 000,000,020 | ---- | C] () -- C:\Users\Rupi\defogger_reenable
[2013.02.03 13:08:54 | 000,978,074 | ---- | C] () -- C:\Users\Rupi\Documents\garota1.png
[2013.02.02 20:08:37 | 148,843,957 | ---- | C] () -- C:\Users\Rupi\Documents\Jambala.wmv
[2013.02.02 18:41:48 | 002,344,832 | ---- | C] () -- C:\Users\Rupi\Documents\Mein Film.wmv
[2013.02.02 18:17:30 | 019,082,704 | ---- | C] ( ) -- C:\Users\Rupi\Desktop\K-Lite_Codec_Pack_970_Full.exe
[2013.02.02 14:19:00 | 000,001,205 | ---- | C] () -- C:\Users\Rupi\Desktop\Format Factory.lnk
[2013.02.02 13:59:57 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2013.02.02 13:59:08 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013.02.02 13:56:52 | 000,002,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.02.01 22:31:22 | 034,821,404 | ---- | C] () -- C:\Users\Rupi\Desktop\SAMBAvvvv.wav
[2013.02.01 14:28:17 | 034,821,404 | ---- | C] () -- C:\Users\Rupi\Desktop\SAMBAvvv.wav
[2013.02.01 14:23:46 | 034,821,404 | ---- | C] () -- C:\Users\Rupi\Desktop\SAMBAvv.wav
[2013.02.01 10:09:42 | 039,049,882 | ---- | C] () -- C:\Users\Rupi\Documents\Jambala neu.mp4
[2013.01.31 20:11:44 | 000,034,533 | ---- | C] () -- C:\Users\Rupi\Documents\Jambala neu.wlmp
[2013.01.31 18:04:41 | 000,001,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.01.31 18:04:41 | 000,001,014 | ---- | C] () -- C:\Users\Rupi\Desktop\Audacity.lnk
[2013.01.31 17:23:07 | 000,034,936 | ---- | C] () -- C:\windows\SysWow64\uninstHelixYUV.exe
[2013.01.31 17:22:40 | 000,001,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013.01.31 17:22:40 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.01.31 17:21:44 | 005,243,208 | ---- | C] ( ) -- C:\Users\Rupi\AppData\Roaming\AvsP.exe
[2013.01.31 17:21:39 | 001,357,348 | ---- | C] () -- C:\Users\Rupi\AppData\Roaming\MatroskaSplitter.exe
[2013.01.31 17:21:37 | 000,117,723 | ---- | C] () -- C:\Users\Rupi\AppData\Roaming\yuvcodecs-1.3.exe
[2013.01.31 10:08:00 | 000,000,356 | ---- | C] () -- C:\windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.01.31 00:42:38 | 000,599,067 | ---- | C] () -- C:\Users\Rupi\Documents\forum.botfrei.de.png
[2013.01.30 21:55:19 | 004,228,258 | ---- | C] () -- C:\Users\Rupi\Documents\Jambalakurz.mp4
[2013.01.30 21:27:59 | 040,931,281 | ---- | C] () -- C:\Users\Rupi\Documents\Jambala.mp4
[2013.01.30 21:06:53 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.29 10:41:58 | 075,737,972 | ---- | C] () -- C:\Users\Rupi\Documents\Jambala2.mp4
[2013.01.28 12:06:30 | 000,029,964 | ---- | C] () -- C:\Users\Rupi\Documents\Jambala.wlmp
[2013.01.27 23:20:40 | 031,363,964 | ---- | C] () -- C:\Users\Rupi\Desktop\ANNA5vvvv.wav
[2013.01.27 17:41:07 | 031,363,964 | ---- | C] () -- C:\Users\Rupi\Desktop\ANNA5v.wav
[2013.01.21 09:48:59 | 025,648,604 | ---- | C] () -- C:\Users\Rupi\Desktop\TAMOR3v7.wav
[2013.01.20 12:45:32 | 031,363,964 | ---- | C] () -- C:\Users\Rupi\Desktop\ANNAv5.wav
[2013.01.16 13:05:28 | 000,376,174 | ---- | C] () -- C:\Users\Rupi\Desktop\urubu2.png
[2013.01.16 13:02:31 | 000,554,544 | ---- | C] () -- C:\Users\Rupi\Desktop\urubu.png
[2012.10.06 10:57:52 | 000,511,488 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2012.10.06 10:57:52 | 000,110,080 | ---- | C] () -- C:\windows\SysWow64\advd.dll
[2012.10.06 10:57:52 | 000,023,040 | ---- | C] () -- C:\windows\SysWow64\auth.dll
[2012.09.26 17:37:31 | 000,005,005 | ---- | C] () -- C:\windows\wininit.ini
[2012.06.13 16:33:16 | 000,000,000 | ---- | C] () -- C:\windows\cdplayer.ini
[2011.10.16 21:26:07 | 000,003,584 | ---- | C] () -- C:\Users\Rupi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.24 19:17:08 | 000,000,631 | ---- | C] () -- C:\Users\Rupi\Rupi - Atalho.lnk

========== ZeroAccess Check ==========

[2009.07.14 02:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 03:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 02:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.13 23:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.13 23:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.12.20 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\1&1 Mail & Media GmbH
[2013.01.29 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\AnvSoft
[2012.06.13 17:28:48 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\Ashampoo
[2013.01.31 18:22:13 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\Audacity
[2009.10.28 02:14:51 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\BrOffice.org
[2009.11.24 19:16:38 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\Canneverbe Limited
[2009.11.01 23:44:11 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\Canon
[2012.10.06 11:01:34 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\concept design
[2009.11.01 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\DAEMON Tools Lite
[2013.02.03 23:17:39 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\Dropbox
[2011.05.18 12:46:50 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\Duden
[2011.03.13 14:14:20 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\fotobuch.de AG
[2012.08.10 07:27:06 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\GetRightToGo
[2010.12.23 15:36:45 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\GlarySoft
[2012.06.14 23:00:20 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\SoftMaker
[2011.09.16 15:34:05 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\TeamViewer
[2012.05.24 10:30:51 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

04.02.2013, 13:44   #2
markusg
/// Malware-holic

Hi,
please open SUPERAntiSpyware and post the reports that contain detections.
Open Avira, Administration, Quarantine, and post the detection entries with their file paths as text.

04.02.2013, 18:04   #3
Zalgado

Hello Markus,
thank you very much for the quick reply!!! I tried to reply to your e-mail address, but the program won't send...

Here is the quarantine report from Avira:

Datei: Enthält verdächtigen Code GEN/PwdZIP Quelle: C:\Programm...\SweetIM64.zip 26.09.2012
Datei: Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2 Quelle: C:\Pro...\GraphicsDecoder.dll 12.08.2012

I have not updated or used Avira since then, because it clashes with SUPERAntiSpyware and Spybot, and I had the impression that those two find more malware.

Sorry, I had already scanned and cleaned with SUPERAntiSpyware after downloading the various programs. That is why the scan found no more threats this time. (I only contacted you after the symptoms I described persisted.)
After the scans with Defogger, OTL and GMER, the problem with the dots in the password field of my e-mail has not come back (for now).
Are there any other ways to track down possible viruses/Trojans?
Best regards from SSA!
Zalgado

04.02.2013, 18:06   #4
markusg
/// Malware-holic

I would like to see the logs from SUPERAntiSpyware. Spybot and SUPERAntiSpyware are nowhere near as good as Avira and often find only pointless stuff like cookies.
So, post the detection reports from SUPERAntiSpyware.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de

04.02.2013, 18:21   #5
Zalgado

All right, now I get it!
... So it would be better to deactivate SUPERAntiSpyware and go back to Avira?

SUPERAntiSpyware Scan Log
SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 01/04/2013 at 01:17 PM

Application Version : 5.1.1002

Core Rules Database Version : 9965
Trace Rules Database Version: 7777

Scan type : Complete Scan
Total Scan Time : 01:14:10

Operating System Information
Windows 7 Home Basic 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 537
Memory threats detected : 0
Registry items scanned : 73303
Registry threats detected : 0
File items scanned : 70420
File threats detected : 106

Adware.Tracking Cookie


Alt 04.02.2013, 19:40   #6
markusg
/// Malware-holic
 
Only cookies. Like I said, SUPERAntiSpyware is no replacement for a decent AV.
Are there any further detection logs?

Alt 05.02.2013, 14:23   #7
Zalgado
 
Hello Markus,
I'm back again. I downloaded the latest version of Avira and ran a scan (it takes almost forever). The result: no detections. Here is the report:



Avira Free Antivirus
Erstellungsdatum der Reportdatei: terça-feira, 5 de fevereiro de 2013 09:08


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Basic
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SISTEMA
Computername : RUPI-PC

Versionsinformationen:
Engineversion : 8.2.10.246

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: terça-feira, 5 de fevereiro de 2013 09:08

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '167' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE64.EXE' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'ToolbarUpdater.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPERANTISPYWARE.EXE' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'msnmsgr.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'vprot.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '5939' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <windows>
Beginne mit der Suche in 'D:\' <recovery>


Ende des Suchlaufs: terça-feira, 5 de fevereiro de 2013 11:12
Benötigte Zeit: 2:03:09 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

34705 Verzeichnisse wurden überprüft
658710 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
658710 Dateien ohne Befall
5785 Archive wurden durchsucht
0 Warnungen
0 Hinweise
865876 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

However, I am still not entirely convinced that the computer is free of viruses and trojans. When I tried to go directly to the Trojaner-Board, the warning was shown to me again: "Dies ist wahrscheinlich nicht die Seite..."
Do you have any other idea?
Regards,
Zalgado

Alt 05.02.2013, 16:44   #8
markusg
/// Malware-holic
 
Why Avira now? I had first asked whether there are any further SUPERAntiSpyware detections; I would like to have those.
Then:
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log
Open C:, open tdsskiller-date-version.txt, and post its contents
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

Alt 06.02.2013, 15:53   #9
Zalgado
 
Hello,
sorry if the reply sometimes takes a while - that is when the room the computer is in is rented out...
I checked the latest scans from SUPERAntiSpyware - only cookies were found.
TDSSKiller found one object: C:\windows\system32\drivers\StarOpen.sys
At Skip I pressed "copy to quarantine". In the folder TDSSKiller_Quarantine there is another one: 06.02.2013_12.28.08, inside that susp0000, inside that svc0000 and an object; in svc0000 there are an object, tsk0000.data and tst0000

I started my mail program from another computer, and everything worked normally there. On my computer the fields for the account name and the password were yellow, and the password field was filled with dots. I changed my password on the other computer.

Best regards,
Zalgado

P.S. From tomorrow the room in question is rented out for a week, so I may not be able to get in touch during that time. So perhaps until this evening, or else in a week!

Alt 07.02.2013, 13:36   #10
markusg
/// Malware-holic
 
Did I say anything about deleting in TDSSKiller? Where is the log?

Alt 07.02.2013, 14:41   #11
Zalgado
 
Hello Markus,
thanks for your reply! Sorry if I sometimes don't understand your instructions correctly right away ... Luckily I can get to my computer again, so we can continue.
Here is the log file:

11:34:48.0116 4064 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:34:48.0974 4064 ============================================================
11:34:48.0974 4064 Current date / time: 2013/02/07 11:34:48.0974
11:34:48.0974 4064 SystemInfo:
11:34:48.0974 4064
11:34:48.0974 4064 OS Version: 6.1.7601 ServicePack: 1.0
11:34:48.0974 4064 Product type: Workstation
11:34:48.0974 4064 ComputerName: RUPI-PC
11:34:48.0974 4064 UserName: Rupi
11:34:48.0974 4064 Windows directory: C:\windows
11:34:48.0974 4064 System windows directory: C:\windows
11:34:48.0974 4064 Running under WOW64
11:34:48.0974 4064 Processor architecture: Intel x64
11:34:48.0974 4064 Number of processors: 2
11:34:48.0974 4064 Page size: 0x1000
11:34:48.0974 4064 Boot type: Normal boot
11:34:48.0974 4064 ============================================================
11:34:58.0319 4064 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:34:58.0319 4064 ============================================================
11:34:58.0319 4064 \Device\Harddisk0\DR0:
11:34:58.0319 4064 MBR partitions:
11:34:58.0319 4064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x214800
11:34:58.0319 4064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x215000, BlocksNum 0xF9F800
11:34:58.0319 4064 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11B4800, BlocksNum 0x24279800
11:34:58.0334 4064 ============================================================
11:34:58.0584 4064 C: <-> \Device\Harddisk0\DR0\Partition3
11:34:58.0677 4064 D: <-> \Device\Harddisk0\DR0\Partition2
11:34:58.0677 4064 ============================================================
11:34:58.0677 4064 Initialize success
11:34:58.0677 4064 ============================================================


By the way, I did not delete anything; I only pressed the "copy to quarantine" button (I did not really know what else to do).

Kind regards

Zalgado

Alt 08.02.2013, 16:32   #12
markusg
/// Malware-holic
 
Hmm.
Can you scan once more and attach the log as a txt file?

Alt 08.02.2013, 18:43   #13
Zalgado
 
Hello Markus,
I scanned again (and did not delete anything) - result: 1 hit. Here is the log file:

15:32:41.0844 3460 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:32:42.0421 3460 ============================================================
15:32:42.0421 3460 Current date / time: 2013/02/08 15:32:42.0421
15:32:42.0421 3460 SystemInfo:
15:32:42.0421 3460
15:32:42.0421 3460 OS Version: 6.1.7601 ServicePack: 1.0
15:32:42.0421 3460 Product type: Workstation
15:32:42.0421 3460 ComputerName: RUPI-PC
15:32:42.0421 3460 UserName: Rupi
15:32:42.0421 3460 Windows directory: C:\windows
15:32:42.0421 3460 System windows directory: C:\windows
15:32:42.0421 3460 Running under WOW64
15:32:42.0421 3460 Processor architecture: Intel x64
15:32:42.0421 3460 Number of processors: 2
15:32:42.0421 3460 Page size: 0x1000
15:32:42.0421 3460 Boot type: Normal boot
15:32:42.0421 3460 ============================================================
15:32:46.0851 3460 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:32:46.0851 3460 ============================================================
15:32:46.0851 3460 \Device\Harddisk0\DR0:
15:32:46.0851 3460 MBR partitions:
15:32:46.0851 3460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x214800
15:32:46.0851 3460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x215000, BlocksNum 0xF9F800
15:32:46.0851 3460 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11B4800, BlocksNum 0x24279800
15:32:46.0851 3460 ============================================================
15:32:46.0960 3460 C: <-> \Device\Harddisk0\DR0\Partition3
15:32:47.0023 3460 D: <-> \Device\Harddisk0\DR0\Partition2
15:32:47.0023 3460 ============================================================
15:32:47.0023 3460 Initialize success
15:32:47.0023 3460 ============================================================
15:32:57.0724 3884 ============================================================
15:32:57.0724 3884 Scan started
15:32:57.0724 3884 Mode: Manual; SigCheck; TDLFS;
15:32:57.0724 3884 ============================================================
15:32:59.0628 3884 ================ Scan system memory ========================
15:32:59.0628 3884 System memory - ok
15:32:59.0628 3884 ================ Scan services =============================
15:33:09.0050 3884 b57nd60a - ok
15:33:09.0159 3884 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
15:33:09.0222 3884 BDESVC - ok
15:33:09.0269 3884 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
15:33:09.0347 3884 Beep - ok
15:33:09.0518 3884 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
15:33:09.0643 3884 BFE - ok
15:33:09.0705 3884 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
15:33:09.0768 3884 BITS - ok
15:33:09.0799 3884 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
15:33:09.0830 3884 blbdrive - ok
15:33:09.0955 3884 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
15:33:09.0986 3884 Bonjour Service - ok
15:33:10.0033 3884 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
15:33:10.0095 3884 bowser - ok
15:33:10.0127 3884 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
15:33:10.0189 3884 BrFiltLo - ok
15:33:10.0205 3884 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
15:33:10.0220 3884 BrFiltUp - ok
15:33:10.0298 3884 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
15:33:10.0376 3884 BridgeMP - ok
15:33:10.0454 3884 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
15:33:10.0517 3884 Browser - ok
15:33:10.0563 3884 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
15:33:10.0626 3884 Brserid - ok
15:33:10.0657 3884 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
15:33:10.0719 3884 BrSerWdm - ok
15:33:10.0735 3884 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
15:33:10.0782 3884 BrUsbMdm - ok
15:33:10.0813 3884 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
15:33:10.0829 3884 BrUsbSer - ok
15:33:10.0860 3884 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
15:33:10.0938 3884 BTHMODEM - ok
15:33:10.0953 3884 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
15:33:11.0016 3884 bthserv - ok
15:33:11.0047 3884 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
15:33:11.0109 3884 cdfs - ok
15:33:11.0203 3884 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys
15:33:11.0250 3884 cdrom - ok
15:33:11.0359 3884 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
15:33:11.0437 3884 CertPropSvc - ok
15:33:11.0484 3884 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
15:33:11.0577 3884 circlass - ok
15:33:11.0624 3884 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
15:33:11.0655 3884 CLFS - ok
15:33:11.0967 3884 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:33:12.0014 3884 clr_optimization_v2.0.50727_32 - ok
15:33:12.0077 3884 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:33:12.0092 3884 clr_optimization_v2.0.50727_64 - ok
15:33:12.0217 3884 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:33:12.0326 3884 clr_optimization_v4.0.30319_32 - ok
15:33:12.0357 3884 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:33:12.0373 3884 clr_optimization_v4.0.30319_64 - ok
15:33:12.0389 3884 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
15:33:12.0420 3884 CmBatt - ok
15:33:12.0451 3884 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
15:33:12.0467 3884 cmdide - ok
15:33:12.0623 3884 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
15:33:12.0747 3884 CNG - ok
15:33:12.0810 3884 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
15:33:12.0857 3884 Compbatt - ok
15:33:12.0903 3884 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
15:33:12.0935 3884 CompositeBus - ok
15:33:12.0966 3884 COMSysApp - ok
15:33:12.0981 3884 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
15:33:12.0997 3884 crcdisk - ok
15:33:13.0059 3884 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
15:33:13.0122 3884 CryptSvc - ok
15:33:13.0200 3884 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
15:33:13.0262 3884 DcomLaunch - ok
15:33:13.0325 3884 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
15:33:13.0418 3884 defragsvc - ok
15:33:13.0481 3884 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
15:33:13.0543 3884 DfsC - ok
15:33:13.0621 3884 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
15:33:13.0715 3884 Dhcp - ok
15:33:13.0746 3884 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
15:33:13.0808 3884 discache - ok
15:33:13.0855 3884 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
15:33:13.0871 3884 Disk - ok
15:33:13.0964 3884 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
15:33:14.0105 3884 Dnscache - ok
15:33:14.0183 3884 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
15:33:14.0229 3884 dot3svc - ok
15:33:14.0323 3884 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
15:33:14.0354 3884 DPS - ok
15:33:14.0401 3884 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
15:33:14.0432 3884 drmkaud - ok
15:33:14.0666 3884 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
15:33:14.0775 3884 DXGKrnl - ok
15:33:14.0791 3884 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
15:33:14.0853 3884 EapHost - ok
15:33:15.0540 3884 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
15:33:15.0665 3884 ebdrv - ok
15:33:15.0743 3884 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
15:33:15.0805 3884 EFS - ok
15:33:15.0836 3884 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
15:33:15.0883 3884 elxstor - ok
15:33:15.0914 3884 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
15:33:15.0961 3884 ErrDev - ok
15:33:16.0023 3884 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
15:33:16.0086 3884 EventSystem - ok
15:33:16.0133 3884 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
15:33:16.0179 3884 exfat - ok
15:33:16.0273 3884 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
15:33:16.0367 3884 fastfat - ok
15:33:16.0445 3884 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
15:33:16.0523 3884 Fax - ok
15:33:16.0538 3884 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
15:33:16.0569 3884 fdc - ok
15:33:16.0601 3884 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
15:33:16.0663 3884 fdPHost - ok
15:33:16.0710 3884 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
15:33:16.0757 3884 FDResPub - ok
15:33:16.0819 3884 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
15:33:16.0866 3884 FileInfo - ok
15:33:16.0866 3884 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
15:33:16.0928 3884 Filetrace - ok
15:33:16.0975 3884 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:33:17.0006 3884 FLEXnet Licensing Service - ok
15:33:17.0209 3884 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
15:33:17.0287 3884 FLEXnet Licensing Service 64 - ok
15:33:17.0303 3884 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
15:33:17.0334 3884 flpydisk - ok
15:33:17.0443 3884 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
15:33:17.0459 3884 FltMgr - ok
15:33:17.0615 3884 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
15:33:17.0724 3884 FontCache - ok
15:33:17.0771 3884 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:33:17.0786 3884 FontCache3.0.0.0 - ok
15:33:17.0817 3884 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
15:33:17.0833 3884 FsDepends - ok
15:33:17.0880 3884 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
15:33:17.0895 3884 Fs_Rec - ok
15:33:17.0989 3884 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
15:33:18.0036 3884 fvevol - ok
15:33:18.0067 3884 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
15:33:18.0098 3884 gagp30kx - ok
15:33:18.0254 3884 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
15:33:18.0363 3884 gpsvc - ok
15:33:18.0519 3884 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:33:18.0535 3884 gupdate - ok
15:33:18.0582 3884 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:33:18.0582 3884 gupdatem - ok
15:33:18.0613 3884 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
15:33:18.0660 3884 hcw85cir - ok
15:33:18.0738 3884 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
15:33:18.0769 3884 HdAudAddService - ok
15:33:18.0800 3884 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
15:33:18.0831 3884 HDAudBus - ok
15:33:18.0847 3884 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
15:33:18.0878 3884 HidBatt - ok
15:33:18.0894 3884 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
15:33:18.0925 3884 HidBth - ok
15:33:18.0987 3884 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
15:33:19.0034 3884 HidIr - ok
15:33:19.0050 3884 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
15:33:19.0128 3884 hidserv - ok
15:33:19.0237 3884 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
15:33:19.0284 3884 HidUsb - ok
15:33:19.0315 3884 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
15:33:19.0393 3884 hkmsvc - ok
15:33:19.0502 3884 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
15:33:19.0611 3884 HomeGroupListener - ok
15:33:19.0658 3884 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
15:33:19.0721 3884 HomeGroupProvider - ok
15:33:19.0767 3884 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
15:33:19.0799 3884 HpSAMD - ok
15:33:20.0079 3884 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
15:33:20.0204 3884 HTTP - ok
15:33:20.0235 3884 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
15:33:20.0298 3884 hwpolicy - ok
15:33:20.0360 3884 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
15:33:20.0391 3884 i8042prt - ok
15:33:20.0469 3884 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
15:33:20.0501 3884 iaStorV - ok
15:33:20.0719 3884 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:33:20.0797 3884 idsvc - ok
15:33:21.0312 3884 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
15:33:21.0546 3884 igfx - ok
15:33:21.0593 3884 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
15:33:21.0608 3884 iirsp - ok
15:33:21.0671 3884 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
15:33:21.0733 3884 IKEEXT - ok
15:33:21.0827 3884 [ E28EDF74900E68184F44CFCDD66F1BC3 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
15:33:21.0873 3884 IntcAzAudAddService - ok
15:33:21.0936 3884 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
15:33:21.0998 3884 intelide - ok
15:33:22.0045 3884 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
15:33:22.0061 3884 intelppm - ok
15:33:22.0107 3884 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
15:33:22.0170 3884 IPBusEnum - ok
15:33:22.0217 3884 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
15:33:22.0263 3884 IpFilterDriver - ok
15:33:22.0419 3884 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
15:33:22.0482 3884 iphlpsvc - ok
15:33:22.0544 3884 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
15:33:22.0591 3884 IPMIDRV - ok
15:33:22.0669 3884 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
15:33:22.0763 3884 IPNAT - ok
15:33:22.0778 3884 [ 05360B1EA5A2ABF620D1D96EBD8BD8F1 ] irda C:\windows\system32\DRIVERS\irda.sys
15:33:22.0856 3884 irda - ok
15:33:22.0887 3884 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
15:33:22.0919 3884 IRENUM - ok
15:33:22.0934 3884 [ 3848384AB383F0A8F506C4370635C1F9 ] Irmon C:\windows\System32\irmon.dll
15:33:22.0981 3884 Irmon - ok
15:33:23.0043 3884 [ D2CA12736624BA636F8357DC3EF0757E ] irsir C:\windows\system32\DRIVERS\irsir.sys
15:33:23.0075 3884 irsir - ok
15:33:23.0121 3884 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
15:33:23.0153 3884 isapnp - ok
15:33:23.0246 3884 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
15:33:23.0309 3884 iScsiPrt - ok
15:33:23.0324 3884 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
15:33:23.0340 3884 kbdclass - ok
15:33:23.0418 3884 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
15:33:23.0449 3884 kbdhid - ok
15:33:23.0480 3884 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
15:33:23.0496 3884 KeyIso - ok
15:33:23.0527 3884 KL1 - ok
15:33:23.0589 3884 KLIF - ok
15:33:23.0605 3884 KLIM6 - ok
15:33:23.0605 3884 klmouflt - ok
15:33:23.0652 3884 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
15:33:23.0683 3884 KSecDD - ok
15:33:23.0761 3884 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
15:33:23.0823 3884 KSecPkg - ok
15:33:23.0855 3884 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
15:33:23.0917 3884 ksthunk - ok
15:33:23.0979 3884 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
15:33:24.0089 3884 KtmRm - ok
15:33:24.0135 3884 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
15:33:24.0198 3884 LanmanServer - ok
15:33:24.0245 3884 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
15:33:24.0291 3884 LanmanWorkstation - ok
15:33:24.0323 3884 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
15:33:24.0385 3884 lltdio - ok
15:33:24.0494 3884 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
15:33:24.0572 3884 lltdsvc - ok
15:33:24.0588 3884 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
15:33:24.0650 3884 lmhosts - ok
15:33:24.0728 3884 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
15:33:24.0759 3884 LSI_FC - ok
15:33:24.0791 3884 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
15:33:24.0822 3884 LSI_SAS - ok
15:33:24.0822 3884 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
15:33:24.0853 3884 LSI_SAS2 - ok
15:33:24.0869 3884 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
15:33:24.0884 3884 LSI_SCSI - ok
15:33:24.0900 3884 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
15:33:24.0947 3884 luafv - ok
15:33:25.0227 3884 [ C58F15CD4EF79210455512CF0C449F39 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe
15:33:25.0243 3884 McComponentHostService - ok
15:33:25.0274 3884 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
15:33:25.0290 3884 megasas - ok
15:33:25.0305 3884 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
15:33:25.0337 3884 MegaSR - ok
15:33:25.0555 3884 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:33:25.0571 3884 Microsoft Office Groove Audit Service - ok
15:33:25.0602 3884 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
15:33:25.0649 3884 MMCSS - ok
15:33:25.0664 3884 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
15:33:25.0758 3884 Modem - ok
15:33:25.0789 3884 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
15:33:25.0820 3884 monitor - ok
15:33:25.0851 3884 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys
15:33:25.0867 3884 mouclass - ok
15:33:25.0883 3884 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
15:33:25.0929 3884 mouhid - ok
15:33:25.0961 3884 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
15:33:26.0007 3884 mountmgr - ok
15:33:26.0054 3884 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
15:33:26.0070 3884 mpio - ok
15:33:26.0101 3884 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
15:33:26.0132 3884 mpsdrv - ok
15:33:26.0195 3884 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
15:33:26.0273 3884 MpsSvc - ok
15:33:26.0319 3884 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
15:33:26.0351 3884 MRxDAV - ok
15:33:26.0397 3884 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
15:33:26.0460 3884 mrxsmb - ok
15:33:26.0522 3884 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
15:33:26.0569 3884 mrxsmb10 - ok
15:33:26.0600 3884 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
15:33:26.0647 3884 mrxsmb20 - ok
15:33:26.0725 3884 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
15:33:26.0772 3884 msahci - ok
15:33:26.0819 3884 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
15:33:26.0850 3884 msdsm - ok
15:33:26.0897 3884 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
15:33:26.0943 3884 MSDTC - ok
15:33:26.0990 3884 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
15:33:27.0021 3884 Msfs - ok
15:33:27.0037 3884 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
15:33:27.0084 3884 mshidkmdf - ok
15:33:27.0146 3884 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
15:33:27.0162 3884 msisadrv - ok
15:33:27.0193 3884 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
15:33:27.0240 3884 MSiSCSI - ok
15:33:27.0255 3884 msiserver - ok
15:33:27.0302 3884 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
15:33:27.0349 3884 MSKSSRV - ok
15:33:27.0365 3884 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
15:33:27.0411 3884 MSPCLOCK - ok
15:33:27.0458 3884 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
15:33:27.0505 3884 MSPQM - ok
15:33:27.0552 3884 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
15:33:27.0583 3884 MsRPC - ok
15:33:27.0630 3884 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
15:33:27.0661 3884 mssmbios - ok
15:33:27.0723 3884 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
15:33:27.0770 3884 MSTEE - ok
15:33:27.0801 3884 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
15:33:27.0817 3884 MTConfig - ok
15:33:27.0848 3884 [ CAC3BB575E4A0417BFF28D3196E44D3A ] MTsensor C:\windows\system32\DRIVERS\ASACPI.sys
15:33:27.0895 3884 MTsensor - ok
15:33:27.0911 3884 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
15:33:27.0926 3884 Mup - ok
15:33:28.0098 3884 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
15:33:28.0176 3884 napagent - ok
15:33:28.0238 3884 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
15:33:28.0285 3884 NativeWifiP - ok
15:33:28.0550 3884 [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
15:33:28.0597 3884 NAUpdate - ok
15:33:28.0675 3884 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
15:33:28.0737 3884 NDIS - ok
15:33:28.0769 3884 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
15:33:28.0815 3884 NdisCap - ok
15:33:28.0847 3884 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
15:33:28.0893 3884 NdisTapi - ok
15:33:28.0925 3884 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
15:33:28.0971 3884 Ndisuio - ok
15:33:29.0049 3884 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
15:33:29.0159 3884 NdisWan - ok
15:33:29.0205 3884 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
15:33:29.0268 3884 NDProxy - ok
15:33:29.0299 3884 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
15:33:29.0346 3884 NetBIOS - ok
15:33:29.0439 3884 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
15:33:29.0564 3884 NetBT - ok
15:33:29.0580 3884 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
15:33:29.0611 3884 Netlogon - ok
15:33:29.0642 3884 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
15:33:29.0705 3884 Netman - ok
15:33:29.0783 3884 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
15:33:29.0876 3884 netprofm - ok
15:33:29.0954 3884 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:33:30.0017 3884 NetTcpPortSharing - ok
15:33:30.0063 3884 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
15:33:30.0079 3884 nfrd960 - ok
15:33:30.0173 3884 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
15:33:30.0204 3884 NlaSvc - ok
15:33:30.0251 3884 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
15:33:30.0282 3884 Npfs - ok
15:33:30.0313 3884 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
15:33:30.0407 3884 nsi - ok
15:33:30.0438 3884 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
15:33:30.0500 3884 nsiproxy - ok
15:33:30.0594 3884 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
15:33:30.0765 3884 Ntfs - ok
15:33:30.0781 3884 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
15:33:30.0828 3884 Null - ok
15:33:30.0859 3884 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
15:33:30.0937 3884 nvraid - ok
15:33:30.0968 3884 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
15:33:30.0984 3884 nvstor - ok
15:33:31.0031 3884 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
15:33:31.0046 3884 nv_agp - ok
15:33:31.0265 3884 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:33:31.0530 3884 odserv - ok
15:33:31.0623 3884 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
15:33:31.0701 3884 ohci1394 - ok
15:33:31.0873 3884 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:33:31.0935 3884 ose - ok
15:33:33.0277 3884 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:33:34.0104 3884 osppsvc - ok
15:33:34.0182 3884 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
15:33:34.0322 3884 p2pimsvc - ok
15:33:34.0447 3884 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
15:33:34.0712 3884 p2psvc - ok
15:33:34.0775 3884 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
15:33:34.0806 3884 Parport - ok
15:33:34.0868 3884 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
15:33:34.0899 3884 partmgr - ok
15:33:34.0962 3884 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
15:33:35.0024 3884 PcaSvc - ok
15:33:35.0133 3884 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
15:33:35.0165 3884 pci - ok
15:33:35.0180 3884 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
15:33:35.0211 3884 pciide - ok
15:33:35.0274 3884 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
15:33:35.0492 3884 pcmcia - ok
15:33:35.0539 3884 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
15:33:35.0570 3884 pcw - ok
15:33:35.0711 3884 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
15:33:35.0820 3884 PEAUTH - ok
15:33:36.0085 3884 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
15:33:36.0116 3884 PerfHost - ok
15:33:36.0397 3884 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
15:33:36.0537 3884 pla - ok
15:33:36.0584 3884 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
15:33:36.0615 3884 PlugPlay - ok
15:33:36.0647 3884 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
15:33:36.0740 3884 PNRPAutoReg - ok
15:33:36.0756 3884 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
15:33:36.0771 3884 PNRPsvc - ok
15:33:36.0849 3884 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
15:33:36.0943 3884 PolicyAgent - ok
15:33:37.0005 3884 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
15:33:37.0083 3884 Power - ok
15:33:37.0130 3884 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
15:33:44.0774 3884 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\windows\system32\drivers\StarOpen.sys
15:33:44.0805 3884 StarOpen ( UnsignedFile.Multi.Generic ) - warning
15:33:44.0805 3884 StarOpen - detected UnsignedFile.Multi.Generic (1)
15:33:57.0613 3884 ================ Scan global ===============================
15:33:57.0629 3884 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
15:33:57.0691 3884 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
15:33:57.0769 3884 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
15:33:57.0785 3884 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
15:33:57.0878 3884 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
15:33:57.0941 3884 [Global] - ok
15:33:57.0941 3884 ================ Scan MBR ==================================
15:33:57.0956 3884 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:33:58.0923 3884 \Device\Harddisk0\DR0 - ok
15:33:58.0923 3884 ================ Scan VBR ==================================
15:33:58.0923 3884 [ DC512A19E319E382D45BFA7D6E3AC53E ] \Device\Harddisk0\DR0\Partition1
15:33:58.0923 3884 \Device\Harddisk0\DR0\Partition1 - ok
15:33:58.0970 3884 [ 5ED306945B50D7E8959D8065F01E964D ] \Device\Harddisk0\DR0\Partition2
15:33:59.0017 3884 \Device\Harddisk0\DR0\Partition2 - ok
15:33:59.0033 3884 [ 20A60FCCC1FE77FD57F41C21F124507C ] \Device\Harddisk0\DR0\Partition3
15:33:59.0033 3884 \Device\Harddisk0\DR0\Partition3 - ok
15:33:59.0033 3884 ============================================================
15:33:59.0033 3884 Scan finished
15:33:59.0033 3884 ============================================================
15:33:59.0048 3864 Detected object count: 1
15:33:59.0048 3864 Actual detected object count: 1
15:34:20.0904 3864 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:20.0904 3864 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

The fields in my mail account are still highlighted in yellow and filled with dots.

Best regards,

Zalgado

08.02.2013, 18:44   #14
markusg
/// Malware-holic
 

Very good.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


08.02.2013, 21:31   #15
Zalgado
 

Hello Markus,
I did it as instructed (online, I hope that was right).
The infected file was: C:\Windows\SysWow64\Drivers\atapi.sys
In between, a window appeared with the message: "No archives for replacement were found. Combofix is starting an intensive search."

Here is the log file:
Combofix log file:
Code:
ComboFix 13-02-07.02 - Rupi 08.02.2013  17:33:21.4.2 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.2013.675 [GMT -2:00]
Executando de: c:\users\Rupi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rupi\4.0
c:\users\Rupi\AppData\Roaming\Avisynth.exe
c:\users\Rupi\AppData\Roaming\AvsP.exe
c:\users\Rupi\AppData\Roaming\ImgBurn.exe
c:\users\Rupi\AppData\Roaming\MatroskaSplitter.exe
c:\users\Rupi\AppData\Roaming\SetupGFD.exe
c:\users\Rupi\AppData\Roaming\yuvcodecs-1.3.exe
c:\windows\Driver.
c:\windows\Driver.\CHIPSET\ich78ide (4).inf
c:\windows\Driver.\CHIPSET\ich78ide.cat
c:\windows\Driver.\CHIPSET\ich78ide.inf
c:\windows\Driver.\CHIPSET\ich78usb (2).cat
c:\windows\Driver.\CHIPSET\ich78usb (2).inf
c:\windows\Driver.\CHIPSET\ich78usb (3).cat
c:\windows\Driver.\CHIPSET\ich78usb (3).inf
c:\windows\Driver.\CHIPSET\ich78usb (4).cat
c:\windows\Driver.\CHIPSET\ich78usb (4).inf
c:\windows\Driver.\CHIPSET\ich78usb.cat
c:\windows\Driver.\CHIPSET\ich78usb.inf
c:\windows\Driver.\CHIPSET\ich7core (2).cat
c:\windows\Driver.\CHIPSET\ich7core (2).inf
c:\windows\Driver.\CHIPSET\ich7core (3).cat
c:\windows\Driver.\CHIPSET\ich7core (3).inf
c:\windows\Driver.\CHIPSET\ich7core (4).cat
c:\windows\Driver.\CHIPSET\ich7core (4).inf
c:\windows\Driver.\CHIPSET\ich7core (5).cat
c:\windows\Driver.\CHIPSET\ich7core (5).inf
c:\windows\Driver.\CHIPSET\ich7core.cat
c:\windows\Driver.\CHIPSET\ich7core.inf
c:\windows\Driver.\CHIPSET\ich7id2.cat
c:\windows\Driver.\CHIPSET\ich7id2.inf
c:\windows\Driver.\CHIPSET\ich7ide.cat
c:\windows\Driver.\CHIPSET\ich7ide.inf
c:\windows\Driver.\CHIPSET\ich7usb.cat
c:\windows\Driver.\CHIPSET\ich7usb.inf
c:\windows\Driver.\CHIPSET\ich8ahci.cat
c:\windows\Driver.\CHIPSET\ich8ahci.inf
c:\windows\Driver.\CHIPSET\ich8core (2).cat
c:\windows\Driver.\CHIPSET\ich8core (2).inf
c:\windows\Driver.\CHIPSET\ich8core.cat
c:\windows\Driver.\CHIPSET\ich8core.inf
c:\windows\Driver.\CHIPSET\ich8id2.cat
c:\windows\Driver.\CHIPSET\ich8id2.inf
c:\windows\Driver.\CHIPSET\ich8ide.cat
c:\windows\Driver.\CHIPSET\ich8ide.inf
c:\windows\Driver.\CHIPSET\ich8smb.cat
c:\windows\Driver.\CHIPSET\ich8smb.inf
c:\windows\Driver.\CHIPSET\ich8usb.cat
c:\windows\Driver.\CHIPSET\ich8usb.inf
c:\windows\Driver.\CHIPSET\ich9ahci.cat
c:\windows\Driver.\CHIPSET\ich9ahci.inf
c:\windows\Driver.\CHIPSET\ich9core (2).cat
c:\windows\Driver.\CHIPSET\ich9core (2).inf
c:\windows\Driver.\CHIPSET\ich9core.cat
c:\windows\Driver.\CHIPSET\ich9core.inf
c:\windows\Driver.\CHIPSET\ich9id2.cat
c:\windows\Driver.\CHIPSET\ich9id2.inf
c:\windows\Driver.\CHIPSET\ich9ide.cat
c:\windows\Driver.\CHIPSET\ich9ide.inf
c:\windows\Driver.\CHIPSET\ich9smb.cat
c:\windows\Driver.\CHIPSET\ich9smb.inf
c:\windows\Driver.\CHIPSET\ich9usb (2).cat
c:\windows\Driver.\CHIPSET\ich9usb (2).inf
c:\windows\Driver.\CHIPSET\ich9usb.cat
c:\windows\Driver.\CHIPSET\ich9usb.inf
c:\windows\Driver.\CHIPSET\ichacore.cat
c:\windows\Driver.\CHIPSET\ichacore.inf
c:\windows\Driver.\CHIPSET\ichausb.cat
c:\windows\Driver.\CHIPSET\ichausb.inf
c:\windows\Driver.\CHIPSET\ichxdev (2).cat
c:\windows\Driver.\CHIPSET\ichXdev (2).inf
c:\windows\Driver.\CHIPSET\ichxdev.cat
c:\windows\Driver.\CHIPSET\ichXdev.inf
c:\windows\Driver.\CHIPSET\INFAnswr.txt
c:\windows\Driver.\CHIPSET\intelcp2 (2).cat
c:\windows\Driver.\CHIPSET\IntelCP2 (2).inf
c:\windows\Driver.\CHIPSET\intelcp2 (3).cat
c:\windows\Driver.\CHIPSET\IntelCP2 (3).inf
c:\windows\Driver.\CHIPSET\intelcp2 (4).cat
c:\windows\Driver.\CHIPSET\IntelCP2 (4).inf
c:\windows\Driver.\CHIPSET\intelcp2.cat
c:\windows\Driver.\CHIPSET\IntelCP2.inf
c:\windows\Driver.\CHIPSET\intelcpu.cat
c:\windows\Driver.\CHIPSET\IntelCPU.inf
c:\windows\Driver.\CHIPSET\intelioh.cat
c:\windows\Driver.\CHIPSET\IntelIOH.inf
c:\windows\Driver.\CHIPSET\ioatdma.cat
c:\windows\Driver.\CHIPSET\ioatdma.inf
c:\windows\Driver.\CHIPSET\nehalmex (2).cat
c:\windows\Driver.\CHIPSET\NehalMEX (2).inf
c:\windows\Driver.\CHIPSET\nehalmex (3).cat
c:\windows\Driver.\CHIPSET\NehalMEX (3).inf
c:\windows\Driver.\CHIPSET\nehalmex (4).cat
c:\windows\Driver.\CHIPSET\NehalMEX (4).inf
c:\windows\Driver.\CHIPSET\nehalmex.cat
c:\windows\Driver.\CHIPSET\NehalMEX.inf
c:\windows\Driver.\CHIPSET\pm45gm45.cat
c:\windows\Driver.\CHIPSET\pm45gm45.inf
c:\windows\Driver.\CHIPSET\qd3nodrv.cat
c:\windows\Driver.\CHIPSET\qd3nodrv.inf
c:\windows\Driver.\CHIPSET\whed_dev (2).cat
c:\windows\Driver.\CHIPSET\whed_dev (2).inf
c:\windows\Driver.\CHIPSET\whed_dev (3).cat
c:\windows\Driver.\CHIPSET\whed_dev (3).inf
c:\windows\Driver.\CHIPSET\whed_dev (4).cat
c:\windows\Driver.\CHIPSET\whed_dev (4).inf
c:\windows\Driver.\CHIPSET\whed_dev.cat
c:\windows\Driver.\CHIPSET\whed_dev.inf
c:\windows\Driver.\Graphics\difx32.dll
c:\windows\Driver.\Graphics\difx64.dll
c:\windows\Driver.\Graphics\difx64.exe
c:\windows\Driver.\Graphics\hccutils.dll
c:\windows\Driver.\Graphics\hkcmd.exe
c:\windows\Driver.\Graphics\ig4dev32.dll
c:\windows\Driver.\Graphics\ig4dev64.dll
c:\windows\Driver.\Graphics\ig4icd32.dll
c:\windows\Driver.\Graphics\ig4icd64.dll
c:\windows\Driver.\Graphics\igcompkrng500.bin
c:\windows\Driver.\Graphics\igd10umd32.dll
c:\windows\Driver.\Graphics\igd10umd64.dll
c:\windows\Driver.\Graphics\igdkmd64.sys
c:\windows\Driver.\Graphics\igdlh.cat
c:\windows\Driver.\Graphics\igdlh64.inf
c:\windows\Driver.\Graphics\igdumd32.dll
c:\windows\Driver.\Graphics\igdumd64.dll
c:\windows\Driver.\Graphics\igdumdx32.dll
c:\windows\Driver.\Graphics\igfcg500.bin
c:\windows\Driver.\Graphics\igfcg500m.bin
c:\windows\Driver.\Graphics\igfxcfg.exe
c:\windows\Driver.\Graphics\igfxcpl.cpl
c:\windows\Driver.\Graphics\igfxdev.dll
c:\windows\Driver.\Graphics\igfxdo.dll
c:\windows\Driver.\Graphics\igfxdv32.dll
c:\windows\Driver.\Graphics\igfxexps.dll
c:\windows\Driver.\Graphics\igfxext.exe
c:\windows\Driver.\Graphics\igfxpers.exe
c:\windows\Driver.\Graphics\igfxpph.dll
c:\windows\Driver.\Graphics\igfxrara.lrc
c:\windows\Driver.\Graphics\igfxrchs.lrc
c:\windows\Driver.\Graphics\igfxrcht.lrc
c:\windows\Driver.\Graphics\igfxrcsy.lrc
c:\windows\Driver.\Graphics\igfxrdan.lrc
c:\windows\Driver.\Graphics\igfxrdeu.lrc
c:\windows\Driver.\Graphics\igfxrell.lrc
c:\windows\Driver.\Graphics\igfxrenu.lrc
c:\windows\Driver.\Graphics\igfxresp.lrc
c:\windows\Driver.\Graphics\igfxress.dll
c:\windows\Driver.\Graphics\igfxrfin.lrc
c:\windows\Driver.\Graphics\igfxrfra.lrc
c:\windows\Driver.\Graphics\igfxrheb.lrc
c:\windows\Driver.\Graphics\igfxrhun.lrc
c:\windows\Driver.\Graphics\igfxrita.lrc
c:\windows\Driver.\Graphics\igfxrjpn.lrc
c:\windows\Driver.\Graphics\igfxrkor.lrc
c:\windows\Driver.\Graphics\igfxrnld.lrc
c:\windows\Driver.\Graphics\igfxrnor.lrc
c:\windows\Driver.\Graphics\igfxrplk.lrc
c:\windows\Driver.\Graphics\igfxrptb.lrc
c:\windows\Driver.\Graphics\igfxrptg.lrc
c:\windows\Driver.\Graphics\igfxrrus.lrc
c:\windows\Driver.\Graphics\igfxrsky.lrc
c:\windows\Driver.\Graphics\igfxrslv.lrc
c:\windows\Driver.\Graphics\igfxrsve.lrc
c:\windows\Driver.\Graphics\igfxrtha.lrc
c:\windows\Driver.\Graphics\igfxrtrk.lrc
c:\windows\Driver.\Graphics\igfxsrvc.dll
c:\windows\Driver.\Graphics\igfxsrvc.exe
c:\windows\Driver.\Graphics\igfxTMM.dll
c:\windows\Driver.\Graphics\igfxtray.exe
c:\windows\Driver.\Graphics\igkrng400.bin
c:\windows\Driver.\Graphics\igkrng500.bin
c:\windows\Driver.\Graphics\iglhxa64.cpa
c:\windows\Driver.\Graphics\iglhxa64.vp
c:\windows\Driver.\Graphics\iglhxc64.vp
c:\windows\Driver.\Graphics\iglhxg64.vp
c:\windows\Driver.\Graphics\iglhxo64.vp
c:\windows\Driver.\Graphics\iglhxs64.vp
c:\windows\Driver.\Graphics\igxpco64.dll
c:\windows\Driver.\Graphics\igxpun.exe
c:\windows\Driver.\Graphics\LANG\HDMI\ARA\HDMIARA.dll
c:\windows\Driver.\Graphics\LANG\HDMI\ARA\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\CHS\HDMICHS.dll
c:\windows\Driver.\Graphics\LANG\HDMI\CHS\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\CHT\HDMICHT.dll
c:\windows\Driver.\Graphics\LANG\HDMI\CHT\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\CSY\HDMICSY.dll
c:\windows\Driver.\Graphics\LANG\HDMI\CSY\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\DAN\HDMIDAN.dll
c:\windows\Driver.\Graphics\LANG\HDMI\DAN\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\DEU\HDMIDEU.dll
c:\windows\Driver.\Graphics\LANG\HDMI\DEU\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\ELL\HDMIELL.dll
c:\windows\Driver.\Graphics\LANG\HDMI\ELL\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\ENU\HDMIENU.dll
c:\windows\Driver.\Graphics\LANG\HDMI\ENU\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\ESP\HDMIESP.dll
c:\windows\Driver.\Graphics\LANG\HDMI\ESP\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\FIN\HDMIFIN.dll
c:\windows\Driver.\Graphics\LANG\HDMI\FIN\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\FRA\HDMIFRA.dll
c:\windows\Driver.\Graphics\LANG\HDMI\FRA\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\HEB\HDMIHEB.dll
c:\windows\Driver.\Graphics\LANG\HDMI\HEB\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\HUN\HDMIHUN.dll
c:\windows\Driver.\Graphics\LANG\HDMI\HUN\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\ITA\HDMIITA.dll
c:\windows\Driver.\Graphics\LANG\HDMI\ITA\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\JPN\HDMIJPN.dll
c:\windows\Driver.\Graphics\LANG\HDMI\JPN\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\KOR\HDMIKOR.dll
c:\windows\Driver.\Graphics\LANG\HDMI\KOR\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\NLD\HDMINLD.dll
c:\windows\Driver.\Graphics\LANG\HDMI\NLD\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\NOR\HDMINOR.dll
c:\windows\Driver.\Graphics\LANG\HDMI\NOR\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\PLK\HDMIPLK.dll
c:\windows\Driver.\Graphics\LANG\HDMI\PLK\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\PTB\HDMIPTB.dll
c:\windows\Driver.\Graphics\LANG\HDMI\PTB\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\PTG\HDMIPTG.dll
c:\windows\Driver.\Graphics\LANG\HDMI\PTG\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\RUS\HDMIRUS.dll
c:\windows\Driver.\Graphics\LANG\HDMI\RUS\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\SKY\HDMISKY.dll
c:\windows\Driver.\Graphics\LANG\HDMI\SKY\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\SLV\HDMISLV.dll
c:\windows\Driver.\Graphics\LANG\HDMI\SLV\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\SVE\HDMISVE.dll
c:\windows\Driver.\Graphics\LANG\HDMI\SVE\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\THA\HDMITHA.dll
c:\windows\Driver.\Graphics\LANG\HDMI\THA\license.txt
c:\windows\Driver.\Graphics\LANG\HDMI\TRK\HDMITRK.dll
c:\windows\Driver.\Graphics\LANG\HDMI\TRK\license.txt
c:\windows\Driver.\Graphics\oemdspif.dll
c:\windows\Driver.\LAN\netrtx64.cat
c:\windows\Driver.\LAN\netrtx64.inf
c:\windows\Driver.\LAN\note.txt
c:\windows\Driver.\LAN\rt64win7.sys
c:\windows\Driver.\LAN\RtNicprop64.DLL
c:\windows\Driver.\LAN\RTNUninst64.dll
c:\windows\Driver.\tv\34CoInstaller.dll
c:\windows\Driver.\tv\3xhybr64.cat
c:\windows\Driver.\tv\3xHybr64.sys
c:\windows\Driver.\tv\3xhybrid.cat
c:\windows\Driver.\tv\3xHybrid.inf
c:\windows\Driver.\tv\3xHybrid.sys
c:\windows\Driver.\tv\Language\Chinese(Traditional).lng
c:\windows\Driver.\tv\Language\Czech.lng
c:\windows\Driver.\tv\Language\Dutch.lng
c:\windows\Driver.\tv\Language\English.lng
c:\windows\Driver.\tv\Language\French.lng
c:\windows\Driver.\tv\Language\German.lng
c:\windows\Driver.\tv\Language\Greek.lng
c:\windows\Driver.\tv\Language\Italian.lng
c:\windows\Driver.\tv\Language\Japanese.lng
c:\windows\Driver.\tv\Language\Polish.lng
c:\windows\Driver.\tv\Language\Portuguese(Brazil).lng
c:\windows\Driver.\tv\Language\Portuguese(Portugal).lng
c:\windows\Driver.\tv\Language\Romanian.lng
c:\windows\Driver.\tv\Language\Russian.lng
c:\windows\Driver.\tv\Language\Serbian(Cyrillic).lng
c:\windows\Driver.\tv\Language\Spanish.lng
c:\windows\Driver.\tv\NXPMV32.dll
c:\windows\Driver.\tv\NXPMV64.dll
c:\windows\Driver.\tv\nxpunist.exe
c:\windows\Driver.\tv\SetupDrv.exe
c:\windows\Driver.\tv\TVNXPDrv.ini
c:\windows\wininit.ini
.
c:\windows\SysWow64\Drivers\atapi.sys . . . está infectado!!
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-01-08 to 2013-02-08  ))))))))))))))))))))))))))))
.
.
2013-02-08 20:17 . 2013-02-08 20:17	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-02-06 14:36 . 2013-02-06 14:36	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-02-05 10:59 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF6465A7-A582-4A43-A4DD-AB342C7A8E2C}\mpengine.dll
2013-02-05 01:25 . 2013-02-05 01:25	--------	d-----w-	c:\users\Rupi\AppData\Roaming\Avira
2013-02-05 01:20 . 2013-02-05 01:06	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-02-05 01:20 . 2013-02-05 01:06	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-02-05 01:20 . 2013-02-05 01:20	--------	d-----w-	c:\program files (x86)\Avira
2013-02-04 11:23 . 2013-02-04 11:23	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2013-02-02 16:19 . 2013-02-02 16:19	--------	d-----w-	c:\windows\CD95F661A5C444F5A6AAECDD91C240D3.TMP
2013-02-02 16:19 . 2013-02-02 16:30	--------	d-----w-	C:\FFOutput
2013-02-02 16:18 . 2013-02-02 16:18	--------	d-----w-	c:\program files (x86)\FreeTime
2013-02-02 16:01 . 2013-02-02 16:01	--------	d-----w-	c:\windows\de
2013-02-02 15:58 . 2013-02-02 15:58	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-02-02 15:54 . 2013-02-02 15:54	--------	d-----w-	c:\windows\PCHEALTH
2013-02-02 14:49 . 2013-02-02 14:56	--------	d-----w-	c:\users\Rupi\AppData\Local\Nero
2013-02-02 13:33 . 2013-02-02 13:33	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\f29eb4f51ce014909\DXSETUP.exe
2013-02-02 13:33 . 2013-02-02 13:33	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\f29eb4f51ce014909\DSETUP.dll
2013-02-02 13:33 . 2013-02-02 13:33	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\f29eb4f51ce014909\dsetup32.dll
2013-02-02 13:33 . 2013-02-02 13:33	525656	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ef697a361ce014908\DXSETUP.exe
2013-02-02 13:33 . 2013-02-02 13:33	94040	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ef697a361ce014908\DSETUP.dll
2013-02-02 13:33 . 2013-02-02 13:33	1691480	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\ef697a361ce014908\dsetup32.dll
2013-01-31 20:04 . 2013-01-31 20:22	--------	d-----w-	c:\users\Rupi\AppData\Roaming\Audacity
2013-01-31 20:04 . 2013-01-31 20:04	--------	d-----w-	c:\program files (x86)\Audacity
2013-01-31 19:27 . 2013-01-31 19:27	--------	d-----w-	C:\_OTL
2013-01-31 19:23 . 2013-01-31 19:23	--------	d-----w-	c:\users\Rupi\.DVDslideshowGUI
2013-01-31 19:23 . 2013-01-31 19:23	34936	----a-w-	c:\windows\SysWow64\uninstHelixYUV.exe
2013-01-31 19:22 . 2013-01-31 19:22	--------	d-----w-	c:\program files (x86)\GUI for dvdauthor
2013-01-31 19:22 . 2013-01-31 19:22	--------	d-----w-	c:\program files (x86)\AvsP
2013-01-31 19:22 . 2013-01-31 19:22	--------	d-----w-	c:\program files (x86)\ImgBurn
2013-01-31 19:22 . 2013-01-31 19:22	--------	d-----w-	c:\program files (x86)\AviSynth 2.5
2013-01-30 23:07 . 2013-02-02 20:44	--------	d-----w-	c:\users\Rupi\AppData\Roaming\vlc
2013-01-30 23:06 . 2013-01-30 23:06	--------	d-----w-	c:\program files\VideoLAN
2013-01-30 11:11 . 2013-01-30 11:11	--------	d-----w-	c:\users\Rupi\AppData\Local\AVG Secure Search
2013-01-30 11:11 . 2013-01-30 11:11	--------	d-----w-	c:\program files\MediaInfo
2013-01-30 11:11 . 2013-01-30 11:11	--------	d-----w-	c:\programdata\AVG Secure Search
2013-01-30 11:10 . 2013-01-31 12:06	37720	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2013-01-30 11:10 . 2013-01-31 12:07	--------	d-----w-	c:\program files (x86)\Common Files\AVG Secure Search
2013-01-30 11:10 . 2013-01-31 12:07	--------	d-----w-	c:\program files (x86)\AVG Secure Search
2013-01-30 11:09 . 2013-01-30 11:09	--------	d--h--w-	c:\programdata\Common Files
2013-01-29 14:27 . 2013-01-29 14:27	--------	d-----w-	c:\users\Rupi\AppData\Roaming\AnvSoft
2013-01-29 14:26 . 2013-01-29 14:26	--------	d-----w-	c:\program files (x86)\AnvSoft
2013-01-29 14:24 . 2013-01-29 14:24	--------	d-----w-	c:\users\Rupi\AppData\Local\Programs
2013-01-28 12:33 . 2010-06-02 06:55	77656	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2013-01-28 12:33 . 2010-06-02 06:55	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_5.dll
2013-01-28 12:33 . 2010-06-02 06:55	527192	----a-w-	c:\windows\SysWow64\XAudio2_7.dll
2013-01-28 12:33 . 2010-06-02 06:55	518488	----a-w-	c:\windows\system32\XAudio2_7.dll
2013-01-28 12:33 . 2010-05-26 13:41	2526056	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2013-01-28 12:33 . 2010-05-26 13:41	276832	----a-w-	c:\windows\system32\d3dx11_43.dll
2013-01-28 12:31 . 2013-01-28 12:31	--------	d-----w-	c:\program files (x86)\Microsoft SkyDrive
2013-01-28 12:31 . 2013-01-28 12:31	--------	d-----r-	c:\users\Rupi\SkyDrive
2013-01-28 12:30 . 2013-01-28 12:30	--------	d-----w-	c:\programdata\Microsoft SkyDrive
2013-01-17 22:23 . 2013-01-31 01:46	--------	d-----w-	c:\program files (x86)\Ask.com
2013-01-17 22:23 . 2013-01-17 22:23	--------	d-----w-	c:\users\Rupi\AppData\Local\APN
2013-01-17 19:15 . 2013-01-17 19:15	--------	d-----w-	c:\programdata\Ask
2013-01-17 19:15 . 2013-01-12 05:30	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-17 12:46 . 2013-01-17 12:46	--------	d-----w-	c:\program files (x86)\1&1 Mail & Media
2013-01-14 23:49 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-14 23:49 . 2012-11-22 05:44	800768	----a-w-	c:\windows\system32\usp10.dll
2013-01-14 23:49 . 2012-11-22 04:45	626688	----a-w-	c:\windows\SysWow64\usp10.dll
2013-01-14 23:47 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-14 23:45 . 2012-11-01 05:43	2002432	----a-w-	c:\windows\system32\msxml6.dll
2013-01-14 23:45 . 2012-11-01 05:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2013-01-14 23:45 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-01-14 23:45 . 2012-11-01 04:47	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2013-01-14 23:45 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-14 23:45 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-14 23:45 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-11 15:45 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-11 15:45 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-05 01:06 . 2012-02-10 10:01	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-02-02 15:53 . 2011-03-28 20:36	19696	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-01-17 03:28 . 2009-12-11 19:40	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-14 23:56 . 2010-11-28 12:55	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-10 23:26 . 2012-05-24 16:27	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-10 23:26 . 2011-05-16 10:24	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11 . 2012-12-23 21:58	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-23 21:58	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 21:58	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-23 21:58	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-14 23:47	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 11:07	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 11:07	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 11:07	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 11:07	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 11:07	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 11:07	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 11:07	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 11:07	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 11:07	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 11:07	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 11:07	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 11:07	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 11:07	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 11:07	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 11:07	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 11:07	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 11:07	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 11:07	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 11:07	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 11:07	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 11:07	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 11:07	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-31 12:06	1883824	----a-w-	c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-31 1883824]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-28 12:30	220632	----a-w-	c:\users\Rupi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-28 12:30	220632	----a-w-	c:\users\Rupi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-28 12:30	220632	----a-w-	c:\users\Rupi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Rupi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Rupi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Rupi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Rupi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-22 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-10 1573576]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-01-31 1101488]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-05 384800]
.
c:\users\Rupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Rupi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 3xHybr64;3xHybrid service;c:\windows\system32\DRIVERS\3xHybr64.sys [2009-12-03 1333376]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys [2009-06-10 34304]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-01 1038088]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-23 1255736]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-05-16 203264]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-01 834544]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-31 37720]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-02-05 27800]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-05 85280]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-31 945328]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-08-17 1282560]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 23:27	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 23:26]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-06 00:16]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-06 00:16]
.
2013-02-08 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-31 12:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-28 12:30	244696	----a-w-	c:\users\Rupi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-28 12:30	244696	----a-w-	c:\users\Rupi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-28 12:30	244696	----a-w-	c:\users\Rupi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Rupi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Rupi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Rupi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Rupi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 363544]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-03 6975520]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = 
IE: Anexar a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Anexar destino do link a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Anexar para um PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converter destino do link em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converter destino do link em um PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converter em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.1.1 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
.
- - - - ORFÃOS REMOVIDOS - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
   43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}"=hex:51,66,7a,6c,4c,1d,38,12,c3,8a,99,
   0a,e5,db,85,05,f2,8b,4b,7e,f2,58,2e,15
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
   aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
   f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:48,4c,9f,b9,3e,03,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,2b,3a,ce,ff,58,46,43,8a,35,89,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,2b,3a,ce,ff,58,46,43,8a,35,89,\
.
[HKEY_USERS\S-1-5-21-3340065973-2767842447-854006908-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3340065973-2767842447-854006908-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð\OpenWithList]
@Class="Shell"
"a"="WINWORD.EXE"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3340065973-2767842447-854006908-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð\OpenWithProgids]
"?_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-3340065973-2767842447-854006908-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*)ð]
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:4e,00,61,00,63,00,68,00,20,00,7a,00,77,00,65,00,69,00,20,00,48,00,e4,
   00,6c,00,66,00,74,00,65,00,6e,00,2e,00,2e,00,29,f0,00,00,96,00,36,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3340065973-2767842447-854006908-1000_Classes\.*)ð]
@Allowed: (Read) (RestrictedCode)
@="?_auto_file"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-02-08  18:22:34
ComboFix-quarantined-files.txt  2013-02-08 20:22
.
Pré-execução: 225.138.851.840 bytes disponíveis
Pós execução: 227.312.496.640 bytes disponíveis
.
- - End Of File - - 65EC5E61675433639FDB9391384663F7
         
--- --- ---
Best regards,

Zalgado (...I'm curious whether the computer is really clean now?)
