
Log analysis and evaluation: GVU / Bundespolizei trojan (Skype variant?); system Win7 32bit; infection time 09.03.13 23:05


10.03.2013, 15:52   #1
Ratte2000
 
Hello,

my computer was infected by a version whose lock screen shows the GVU and Bundespolizei logos. Besides Ukash, Paysafe is also offered as a payment option.

Since I had already been infected by version 2.07 last year, I used a second user account to carry out the following steps on the infected user account:

- deleted the (presumed) trojan exe
- found no .lnk in Autostart

After a restart, a selection window briefly appeared in which you can choose a video source. Then it took a moment and the lock screen was back.

- searched for files from the time in question
- deleted the files skype.dat / skype.ini
- deleted all files from that time

After that I had limited access again on the infected user account. Since it was purely a user account for browsing, I simply deleted the whole user account.

After that I carried out the following under my main user account:

Avira Internet Security including cleanup

Scan with Malwarebytes

Scan with OTL

OTL.txt
Code:
OTL logfile created on: 10.03.2013 13:11:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 68,84% Memory free
6,00 Gb Paging File | 4,81 Gb Available in Paging File | 80,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 64,97 Gb Free Space | 58,17% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 964,42 Gb Free Space | 51,77% Space Free | Partition Type: NTFS
Drive V: | 0,00 Mb Total Space | 0,00 Mb Free Space | 100,00% Space Free | Partition Type: UNKNOWN
Drive Z: | 1863,01 Gb Total Space | 108,40 Gb Free Space | 5,82% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.10 10:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL(2).exe
PRC - [2013.03.10 08:26:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.10 08:26:23 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.03.10 08:26:22 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.10 08:26:20 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2013.03.10 08:26:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.10 08:26:18 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2013.03.10 08:26:18 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.01.28 13:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.12.17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.12.03 13:09:36 | 001,588,280 | ---- | M] () -- C:\Programme\SEH Computertechnik GmbH\SEH UTN Manager\utnservice.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.02 17:25:42 | 003,491,792 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012.06.28 19:49:22 | 001,173,712 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2012.06.28 19:48:10 | 005,924,712 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012.06.28 19:47:22 | 000,821,584 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2012.06.28 19:47:12 | 000,403,688 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012.06.28 19:46:30 | 005,993,216 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012.05.29 12:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 12:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.01.20 20:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011.11.04 14:40:06 | 000,687,400 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011.09.16 00:16:44 | 000,322,784 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\InstantBackup.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 12:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.08.03 12:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.03.15 10:58:30 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.15 03:27:57 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013.02.15 03:22:16 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013.02.15 03:22:09 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.15 03:22:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 03:26:17 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.01.10 03:26:14 | 000,689,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\61fe2f344612f7b3b87f630e89b261e6\System.Data.SqlServerCe.ni.dll
MOD - [2013.01.10 03:21:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 03:21:46 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 03:21:46 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.01.10 03:21:45 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bd5f32f9081b6307cadda7422145553e\System.Data.ni.dll
MOD - [2013.01.10 03:21:17 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 03:21:00 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 03:20:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 03:20:56 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 03:20:49 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.06.28 19:46:10 | 013,005,184 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2012.06.28 16:34:28 | 000,018,816 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.09.16 00:18:06 | 000,028,672 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll
MOD - [2011.09.16 00:17:06 | 002,888,416 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011.09.16 00:17:04 | 000,025,824 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011.09.16 00:16:44 | 000,322,784 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\InstantBackup.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.04.05 19:52:36 | 000,504,293 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\sqlite3.dll
MOD - [2010.04.05 19:52:18 | 000,053,248 | ---- | M] () -- C:\Programme\Memeo\AutoBackup\Mono.Nat.dll
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.10 08:26:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.10 08:26:23 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.03.10 08:26:20 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.03.10 08:26:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.10 08:26:18 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2013.03.09 13:36:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.27 09:28:39 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 15:19:46 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.03 13:09:36 | 001,588,280 | ---- | M] () [Auto | Running] -- C:\Programme\SEH Computertechnik GmbH\SEH UTN Manager\utnservice.exe -- (SEH UTN Service)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.09.02 17:25:42 | 003,491,792 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.06.28 19:48:10 | 005,924,712 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.06.28 19:47:22 | 000,821,584 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012.05.29 12:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 12:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.11.04 14:40:06 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.12.13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.10 15:59:50 | 000,178,720 | ---- | M] () [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 15:59:48 | 000,387,616 | ---- | M] () [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Disabled | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Recognizer | On_Demand | Unknown] --  -- (Paiihevca)
DRV - [2013.03.10 08:27:07 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.10 08:27:07 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.10 08:27:07 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.03.10 08:27:06 | 000,113,024 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2013.03.10 08:27:06 | 000,092,448 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2013.03.10 08:27:06 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.12.03 13:09:58 | 000,042,552 | ---- | M] (SEH Computertechnik GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sehutn.sys -- (sehutn)
DRV - [2012.09.02 17:25:43 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2012.09.02 17:25:41 | 000,775,232 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012.09.02 17:25:37 | 000,614,592 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012.09.02 17:25:36 | 000,126,880 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012.09.02 17:25:35 | 000,086,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt67.sys -- (vidsflt67)
DRV - [2012.09.02 17:25:34 | 000,177,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012.09.02 17:25:34 | 000,080,416 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.12.12 19:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.08.03 12:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.07.20 01:54:06 | 000,047,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV - [2011.07.19 22:12:22 | 000,225,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV - [2011.07.08 00:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.02.11 01:35:44 | 000,728,064 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.09 13:00:48 | 001,554,472 | ---- | M] (Trident Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TrdCap.sys -- (TrdCap)
DRV - [2010.02.06 15:49:00 | 000,597,536 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.07.30 16:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.28 23:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.05.13 13:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2003.04.25 10:11:10 | 000,099,968 | ---- | M] (ATMEL) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vnetusbr.sys -- (D-Link FVNETusb (AR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 5C 6C BF 23 0A CE 01  [binary data]
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\..\SearchScopes,DefaultScope = {78B3DE7F-5FD7-42E9-AA71-389C717A631F}
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\..\SearchScopes\{78B3DE7F-5FD7-42E9-AA71-389C717A631F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 43 87 C5 BB BD CC 01  [binary data]
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 13:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.09 13:36:28 | 000,000,000 | ---D | M]
 
[2011.12.29 10:21:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2013.02.14 19:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\nxug5y1n.default\extensions
[2013.02.14 19:48:12 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\nxug5y1n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.09 13:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.09 13:36:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.09 13:36:31 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.12.17 00:03:36 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.08.24 15:00:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 20:22:53 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.24 15:00:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.24 15:00:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.24 15:00:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.24 15:00:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-2136012392-1314403839-967441070-1001..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2136012392-1314403839-967441070-1001..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2136012392-1314403839-967441070-1001..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30757C13-6560-4B6E-A938-4FC7110C6322}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c3b164b-679b-11e2-bbf7-0015832dddf5}\Shell - "" = AutoRun
O33 - MountPoints2\{4c3b164b-679b-11e2-bbf7-0015832dddf5}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.10 10:29:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL(2).exe
[2013.03.10 10:22:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL(1).exe
[2013.03.10 08:33:15 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Avira
[2013.03.10 08:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.10 08:32:17 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.10 08:32:17 | 000,113,024 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2013.03.10 08:32:17 | 000,092,448 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2013.03.10 08:32:17 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.10 08:32:17 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.10 08:32:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.10 08:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.09 23:55:16 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Matthias\Desktop\mbam-setup.exe
[2013.03.09 13:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.01 20:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.02.26 21:04:08 | 000,000,000 | ---D | C] -- C:\Users\Matthias\MEDION NAS TOOL
[2013.02.26 21:01:37 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Memeo
[2013.02.26 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDION
[2013.02.26 21:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2013.02.26 21:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2013.02.26 21:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2013.02.26 21:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\MEDION
[2013.02.24 17:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.24 17:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.21 22:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.21 22:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.21 22:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.21 22:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.10 13:09:51 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable
[2013.03.10 12:57:50 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.10 12:43:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.10 12:31:32 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 12:31:32 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 12:28:24 | 000,671,812 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.10 12:28:24 | 000,622,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.10 12:28:24 | 000,135,160 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.10 12:28:24 | 000,110,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.10 12:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.10 12:24:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.10 12:23:59 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.10 10:30:30 | 000,377,856 | ---- | M] () -- C:\Users\Matthias\Desktop\gmer_2.1.19155.exe
[2013.03.10 10:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL(2).exe
[2013.03.10 10:29:42 | 000,050,477 | ---- | M] () -- C:\Users\Matthias\Desktop\Defogger.exe
[2013.03.10 10:22:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL(1).exe
[2013.03.10 08:27:07 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.10 08:27:07 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.10 08:27:07 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.10 08:27:06 | 000,113,024 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2013.03.10 08:27:06 | 000,092,448 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2013.03.10 08:27:06 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.09 23:54:52 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Matthias\Desktop\mbam-setup.exe
[2013.03.09 23:32:17 | 301,768,704 | ---- | M] () -- C:\Users\Matthias\Desktop\kav_rescue_10.iso
[2013.03.09 15:00:17 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\Intel_C_CVPR134604BU120LGN.job
[2013.02.26 21:01:37 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\MEDION NAS TOOL.lnk
[2013.02.26 21:01:20 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Memeo Instant Backup.lnk
[2013.02.24 17:53:24 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.21 22:29:19 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.15 03:21:15 | 000,832,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.10 13:09:51 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable
[2013.03.10 10:30:30 | 000,377,856 | ---- | C] () -- C:\Users\Matthias\Desktop\gmer_2.1.19155.exe
[2013.03.10 10:29:41 | 000,050,477 | ---- | C] () -- C:\Users\Matthias\Desktop\Defogger.exe
[2013.03.09 23:25:00 | 301,768,704 | ---- | C] () -- C:\Users\Matthias\Desktop\kav_rescue_10.iso
[2013.02.26 21:01:37 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\MEDION NAS TOOL.lnk
[2013.02.26 21:01:20 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Memeo Instant Backup.lnk
[2013.02.21 22:29:19 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.21 21:33:16 | 000,001,077 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.10.11 02:19:19 | 000,832,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.02 13:32:30 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.01.02 13:32:30 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\DF38B70230.sys
[2012.01.02 13:04:04 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2012.01.02 10:07:33 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.01.02 10:07:33 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.01.02 10:07:33 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.01.02 10:07:33 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.01.02 10:07:33 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.01.02 10:07:33 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.01.02 10:07:33 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.01.02 10:07:33 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.01.02 10:07:33 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.01.02 10:07:33 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.01.02 10:07:33 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.01.02 10:07:33 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.01.02 10:07:33 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.01.02 10:07:33 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.01.02 10:07:33 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.01.02 10:07:33 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.01.02 10:07:33 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.01.02 10:07:33 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.01.02 10:07:33 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.12.30 17:53:36 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.12.30 17:53:36 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.12.30 17:51:56 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.12.30 16:45:38 | 000,001,285 | ---- | C] () -- C:\Users\Matthias\InterCon-NetTool.ini
[2011.12.18 21:36:35 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011.12.18 21:36:34 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2011.12.18 21:00:47 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.02 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\328A4CAB-EC49-48FC-8749-ABE8159A4DCD
[2012.01.04 10:33:20 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Acronis
[2011.12.30 17:35:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Canon
[2011.12.30 21:11:32 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Haenlein-Software
[2013.03.10 01:37:39 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ibyl
[2011.12.30 20:55:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView
[2013.01.12 07:35:47 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Luqiy
[2012.01.02 13:06:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\MAGIX
[2013.02.26 21:01:37 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Memeo
[2011.12.22 21:51:24 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenCandy
[2013.01.12 07:35:47 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Rifae
[2011.12.31 12:45:03 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TuneUp Software
[2013.03.10 12:58:24 | 000,000,000 | ---D | M] -- C:\Users\Surfen II\AppData\Roaming\Memeo
[2013.03.10 13:02:51 | 000,000,000 | ---D | M] -- C:\Users\Surfen II\AppData\Roaming\TuneUp Software
[2012.09.02 17:00:23 | 000,000,000 | ---D | M] -- C:\Users\Susu\AppData\Roaming\Acronis
[2012.04.05 18:18:40 | 000,000,000 | ---D | M] -- C:\Users\Susu\AppData\Roaming\Canon
[2013.02.27 08:44:08 | 000,000,000 | ---D | M] -- C:\Users\Susu\AppData\Roaming\Memeo
[2011.12.31 18:44:03 | 000,000,000 | ---D | M] -- C:\Users\Susu\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
Extra.txt
Code:
OTL Extras logfile created on: 10.03.2013 13:11:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 68,84% Memory free
6,00 Gb Paging File | 4,81 Gb Available in Paging File | 80,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 64,97 Gb Free Space | 58,17% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 964,42 Gb Free Space | 51,77% Space Free | Partition Type: NTFS
Drive V: | 0,00 Mb Total Space | 0,00 Mb Free Space | 100,00% Space Free | Partition Type: UNKNOWN
Drive Z: | 1863,01 Gb Total Space | 108,40 Gb Free Space | 5,82% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2136012392-1314403839-967441070-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012F5876-6340-4AF0-A960-65893CB7C697}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{11FD5DB3-9BAF-469B-A97E-A76AA7D7F27D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{145E8013-B05A-40B9-A683-51A090BCF556}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3B3D43F2-3A13-4CB0-ABC7-E551C2226AEC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{53169140-2AD5-4B6A-8F83-21606215591F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5A6C736D-D0B7-4392-AE03-693A8A6B7F0C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{61AC5E4A-F131-4927-84D5-F2E64B68BFF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70384BA5-5C52-48D7-AE92-DC5AEDBCA5B7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9BCC93A7-FB58-479E-B286-245BF650D3C9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A0942FE7-CA85-4D7F-BCA3-45187709DDA7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A283ECCB-7049-4504-813F-4054BAE6C46A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ABC5C753-256B-4579-B76B-701A51800F72}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BEB27A48-D661-4E8B-B41C-EA733E7BC329}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{D37235E0-9626-446C-9FDD-042CC6C1E53E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DD27A23B-8878-4A3F-B8E9-8FA358B742DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B822A4-6AD3-4F71-A500-008458A435AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0884757A-63B6-40E3-86D6-8477A1FFD087}" = protocol=17 | dir=in | app=c:\program files\seh computertechnik gmbh\seh utn manager\utnmanager.exe | 
"{0D819C40-E54F-497D-85D0-CD2B86554713}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{10A2FF7F-BE97-4FB6-87C8-D626FB1DE20E}" = protocol=6 | dir=in | app=c:\program files\seh computertechnik gmbh\seh utn manager\utnmanager.exe | 
"{13C0BFB5-BD33-479F-A3D6-4D2EFB4A69A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{15C5E4D2-2748-4E20-AA0C-A03C976B2F8F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{304404F7-54B5-40EB-B4D7-497497DBA205}" = protocol=6 | dir=in | app=c:\program files\seh computertechnik gmbh\seh utn manager\utnservice.exe | 
"{30DB9C28-EE89-414E-9F60-977509CCDF35}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{4828DEA3-9AC2-446D-A41A-5026114781E2}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{4A4BAC61-D6FC-4786-B269-EF08FB7642AD}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{57C21E1E-C3BB-46E4-82DB-7261F6C442C5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{5B62A447-1A6C-4117-BE2A-A6B4370D609B}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{62F40EB2-50E7-425D-9201-9083FB85C3D5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{72D947C5-1102-4F7E-A8EB-DAA7336D48B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{88178E6B-0C60-4E25-9D45-38B9CE19F29A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8A34A0CF-5B8C-4C8B-9E59-F52A63883EE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E3AEC75-9C56-41B3-951A-1E4519F1F8A4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8EC11F25-BAF0-4756-B169-E00C64F26D49}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{919C8484-5F47-4AC0-AAA1-30D744C31FC8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{A6DCCA19-B357-490D-A456-0FF6CAF7E18D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A9E2E53D-F30A-425D-BD58-D7BA0BFFDB6E}" = protocol=17 | dir=in | app=c:\program files\seh computertechnik gmbh\intercon-nettool\intercon-nettool.exe | 
"{ACB2FACC-0207-4E81-8EE7-9C08CE21E7EF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{BD816E3D-DE62-4B1B-BD8D-85A853E05241}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2E9550C-6F94-4076-BCB2-373A64CFA8E1}" = protocol=17 | dir=in | app=c:\program files\seh computertechnik gmbh\seh utn manager\utnservice.exe | 
"{C77850CD-F881-4951-A66C-98B773E3C2E5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D0BC8AFC-02D8-43DD-B028-3D9B92A6D100}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{E0D84C68-A643-4437-87F8-E0BF2939856F}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{F11711F0-1DD8-4A67-814C-2169EF81D1DA}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{FABC09A2-6ED7-44BD-9221-00C832104D0B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FE3D14EC-D2DE-449C-A31D-258483B82D79}" = protocol=6 | dir=in | app=c:\program files\seh computertechnik gmbh\intercon-nettool\intercon-nettool.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}" = Acronis*True*Image*Home 2012
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible" = Acronis*True*Image*Home 2012
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 3.92
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Kwik Themes 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1
"{8973631B-D3CE-4F74-8A72-F734D928B940}" = DVRManager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{975C8028-51D8-44A9-9585-82E9810FE96A}" = hp LaserJet 1000
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Kwik Themes 4
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8EFC6C1-DF0C-4F51-8779-EAC4CDB440A4}" = Plus Pack für Acronis True Image Home 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}" = DVR-Studio Pro 2
"{BD61F72D-2F1F-4BE1-9D41-3DF75B2CA59A}" = DVR-Compress
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C82C515A-CAE3-44B3-B5CC-81C5E4A92E8F}" = Nero Prerequisite Installer 1.0
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Kwik Themes 3
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Album Cover Finder_is1" = Album Cover Finder v.7.1.0
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Avira AntiVir Desktop" = Avira Internet Security
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.4
"dm-Fotowelt" = dm-Fotowelt
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Intel(R) Solid-State Drive Toolbox" = Intel(R) Solid-State Drive Toolbox
"InterCon-NetTool" = SEH InterCon-NetTool 1.8.43
"IrfanView" = IrfanView (remove only)
"Jasc Paint Shop Pro 8.10 Update Patch" = Jasc Paint Shop Pro 8.10 Update Patch
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"MEDION NAS TOOL" = MEDION NAS TOOL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SEH Print Monitor" = SEH Print Monitor 4.5.5
"SEH UTN Manager" = SEH UTN Manager 1.5.6
"Tag&Rename_is1" = Tag&Rename 3.6
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"X10Hardware" = X10 Hardware(TM)
"Xvid Video Codec 1.3.1" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2136012392-1314403839-967441070-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.03.2013 22:04:01 | Computer Name = Matthias-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem
 temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen,
 gehen bei der Abmeldung verloren.
 
Error - 10.03.2013 03:09:36 | Computer Name = Matthias-PC | Source = MemeoBackgroundService | ID = 0
Description = 
 
Error - 10.03.2013 03:12:12 | Computer Name = Matthias-PC | Source = MemeoBackgroundService | ID = 0
Description = 
 
Error - 10.03.2013 03:22:58 | Computer Name = Matthias-PC | Source = MemeoBackgroundService | ID = 0
Description = 
 
Error - 10.03.2013 03:34:32 | Computer Name = Matthias-PC | Source = MemeoBackgroundService | ID = 0
Description = 
 
Error - 10.03.2013 04:02:55 | Computer Name = Matthias-PC | Source = MemeoBackgroundService | ID = 0
Description = 
 
Error - 10.03.2013 04:54:08 | Computer Name = Matthias-PC | Source = VSS | ID = 8193
Description = 
 
Error - 10.03.2013 04:56:29 | Computer Name = Matthias-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: utnservice.exe, Version: 0.0.0.0,
 Zeitstempel: 0x50bc9681  Name des fehlerhaften Moduls: utnservice.exe, Version: 0.0.0.0,
 Zeitstempel: 0x50bc9681  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000599a  ID des fehlerhaften
 Prozesses: 0x1528  Startzeit der fehlerhaften Anwendung: 0x01ce1d6cd91cb5f0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\SEH Computertechnik GmbH\SEH UTN Manager\utnservice.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\SEH Computertechnik GmbH\SEH UTN Manager\utnservice.exe
Berichtskennung:
 656e0900-8960-11e2-aa62-0015832dddf5
 
Error - 10.03.2013 05:25:29 | Computer Name = Matthias-PC | Source = Application Hang | ID = 1002
Description = Programm TrueImage.exe, Version 15.0.0.7133 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: 120c    Startzeit: 01ce1d705ca83fe0    Endzeit: 18726    Anwendungspfad:
 C:\Program Files\Acronis\TrueImageHome\TrueImage.exe    Berichts-ID: 4b0dc241-8964-11e2-aa62-0015832dddf5

 
Error - 10.03.2013 07:24:16 | Computer Name = Matthias-PC | Source = MemeoBackgroundService | ID = 0
Description = 
 
[ Media Center Events ]
Error - 05.03.2012 18:07:23 | Computer Name = Matthias-PC | Source = MCUpdate | ID = 0
Description = 23:07:22 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 17.02.2013 08:03:32 | Computer Name = Matthias-PC | Source = MCUpdate | ID = 0
Description = 13:03:32 - Fehler beim Herstellen der Internetverbindung.  13:03:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 01.03.2013 10:58:15 | Computer Name = Matthias-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 01.03.2013 11:30:15 | Computer Name = Matthias-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 01.03.2013 12:03:15 | Computer Name = Matthias-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 01.03.2013 12:35:15 | Computer Name = Matthias-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 01.03.2013 13:07:15 | Computer Name = Matthias-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 01.03.2013 13:39:15 | Computer Name = Matthias-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 01.03.2013 14:11:15 | Computer Name = Matthias-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 01.03.2013 14:43:15 | Computer Name = Matthias-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 01.03.2013 15:16:15 | Computer Name = Matthias-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 02.03.2013 04:25:15 | Computer Name = Matthias-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
[ TuneUp Events ]
Error - 09.02.2012 13:21:30 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 09.02.2012 13:21:30 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 14.02.2012 20:23:06 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 27.02.2012 22:48:07 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 28.02.2012 02:57:03 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 28.02.2012 02:57:29 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 28.02.2012 03:58:11 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 28.02.2012 03:59:01 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 07.07.2012 08:35:23 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 21.09.2012 21:15:55 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
Scan with GMER

Gmer.txt
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-10 15:08:06
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 INTEL_SSDSA2CW120G3 rev.4PC10362 111,79GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Matthias\AppData\Local\Temp\fxldqkow.sys


---- System - GMER 2.1 ----

SSDT            8F258496                                                                                                                                          ZwCreateSection
SSDT            8F25846E                                                                                                                                          ZwCreateSymbolicLinkObject
SSDT            8F258473                                                                                                                                          ZwLoadDriver
SSDT            8F258469                                                                                                                                          ZwOpenSection
SSDT            8F2584A0                                                                                                                                          ZwRequestWaitReplyPort
SSDT            8F25849B                                                                                                                                          ZwSetContextThread
SSDT            8F2584A5                                                                                                                                          ZwSetSecurityObject
SSDT            8F258478                                                                                                                                          ZwSetSystemInformation
SSDT            8F2584AA                                                                                                                                          ZwSystemDebugControl
SSDT            8F258437                                                                                                                                          ZwTerminateProcess
SSDT            8F258432                                                                                                                                          ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                          8323F9E9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                            832791C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                               8328030C 4 Bytes  [96, 84, 25, 8F]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                                                                               83280314 4 Bytes  [6E, 84, 25, 8F]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                                                                               83280428 4 Bytes  [73, 84, 25, 8F]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                                                                               832804C4 4 Bytes  [69, 84, 25, 8F]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                               83280668 4 Bytes  [A0, 84, 25, 8F]
.text           ...                                                                                                                                               

---- Devices - GMER 2.1 ----

Device                                                                                                                                                            Ntfs.sys

AttachedDevice                                                                                                                                                    tdrpman.sys

Device          \Driver\BTHUSB \Device\0000009b                                                                                                                   bthport.sys
Device          \Driver\BTHUSB \Device\0000009b                                                                                                                   bthport.sys
Device          \Driver\BTHUSB \Device\0000009d                                                                                                                   bthport.sys
Device          \Driver\BTHUSB \Device\0000009d                                                                                                                   bthport.sys
Device          \Driver\volmgr \Device\VolMgrControl                                                                                                              fltsrv.sys

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                           avfwot.sys

Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                            fltsrv.sys
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                            fltsrv.sys
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                            fltsrv.sys
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                                            fltsrv.sys
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                                            fltsrv.sys
Device          \Driver\volmgr \Device\HarddiskVolume6                                                                                                            fltsrv.sys
Device          \Driver\volmgr \Device\HarddiskVolume7                                                                                                            fltsrv.sys
Device          \Driver\volmgr \Device\HarddiskVolume8                                                                                                            fltsrv.sys
Device          \Driver\volmgr \Device\HarddiskVolume9                                                                                                            fltsrv.sys
Device          \Driver\partmgr \Device\PartmgrControl                                                                                                            fltsrv.sys

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                           avfwot.sys

Device          \Driver\Disk \Device\Harddisk0\DR0                                                                                                                fltsrv.sys

AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                         avfwot.sys

Device          \Driver\Disk \Device\Harddisk1\DR1                                                                                                                fltsrv.sys
Device          \Driver\Disk \Device\Harddisk2\DR2                                                                                                                fltsrv.sys
Device          \Driver\Disk \Device\Harddisk3\DR3                                                                                                                fltsrv.sys
Device          \Driver\Disk \Device\Harddisk4\DR4                                                                                                                fltsrv.sys
Device          \Driver\Disk \Device\Harddisk5\DR5                                                                                                                fltsrv.sys
Device          \Driver\Disk \Device\Harddisk6\DR6                                                                                                                fltsrv.sys
Device          \Driver\Disk \Device\Harddisk7\DR7                                                                                                                fltsrv.sys
Device          \Driver\Disk \Device\Harddisk8\DR8                                                                                                                fltsrv.sys
Device          \Driver\volmgr \Device\HarddiskVolume10                                                                                                           fltsrv.sys
Device          \Driver\Disk \Device\Harddisk9\DR9                                                                                                                fltsrv.sys
Device          \Driver\volmgr \Device\HarddiskVolume11                                                                                                           fltsrv.sys
Device          \Driver\rdyboost \Device\RdyBoost                                                                                                                 fltsrv.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015832dddf5                                                                       
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015832dddf5 (not active ControlSet)                                                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9816170D-898A-84EB-A621-DF7F7D25E3F7}                                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9816170D-898A-84EB-A621-DF7F7D25E3F7}@pafkmibdkdbjfhlpkelkigoielnfgmof  0x61 0x61 0x00 0x00 
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9816170D-898A-84EB-A621-DF7F7D25E3F7}@padpmljobipagfdfhgnhbjohlbompdoa  0x61 0x61 0x00 0x01 

---- EOF - GMER 2.1 ----
         
The corresponding log files are attached.

I'm not sure whether I've managed to remove everything yet. My Avira Internet Security suite initially did not work. Error message regarding the following faulty or missing DLL:
C:\\WINDOWS\WinSxS\x86_microsoft.windows.common_controls_6595b64144ccf1df_6.0.7691.17514_none_41e6975e2bd6f2b2\COMCTL32.dll

After uninstalling and reinstalling Avira, everything appears to be fine so far.

I'd appreciate your help and remain with
best regards,

Ratte2000
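Two things in the logs above are worth triaging mechanically rather than by eye: the OTL "Last 20 Event Log Errors" block (which errors fall close to the infection time given in the thread title?) and the GMER SSDT block (do the eleven hook handlers sit in one address region, i.e. come from one driver, or in several?). The script below is an added example written for this page, not a tool from the thread or from the OTL/GMER authors. It assumes the OTL timestamps can be compared directly with the 23:05 infection time (OTL does not state a time zone, so treat the window as approximate), and it works on a few constructed sample lines copied from the logs above. The page does not name the driver that owns the hooks; the script only shows that all eleven land in one 0x78-byte window, which is what a single kernel component produces. A hook set covering process termination, driver loading, thread context and virtual-memory writes from one contiguous range is the shape a host-intrusion-prevention driver of a security suite leaves, so confirm the owner against the loaded-driver list in the OTL log before treating it as a finding.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample input: a handful of entries copied from the OTL
# "Last 20 Event Log Errors" section of this thread, not the whole section.
OTL_EVENTS = """\
Error - 09.03.2013 22:04:01 | Computer Name = Matthias-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem
 temporären Benutzerprofil angemeldet.

Error - 10.03.2013 03:09:36 | Computer Name = Matthias-PC | Source = MemeoBackgroundService | ID = 0
Description =

Error - 10.03.2013 04:56:29 | Computer Name = Matthias-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: utnservice.exe, Version: 0.0.0.0,

Error - 01.03.2013 10:58:15 | Computer Name = Matthias-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
"""

# Constructed sample input: the SSDT block of the GMER log above, whitespace collapsed.
GMER_SSDT = """\
SSDT  8F258496  ZwCreateSection
SSDT  8F25846E  ZwCreateSymbolicLinkObject
SSDT  8F258473  ZwLoadDriver
SSDT  8F258469  ZwOpenSection
SSDT  8F2584A0  ZwRequestWaitReplyPort
SSDT  8F25849B  ZwSetContextThread
SSDT  8F2584A5  ZwSetSecurityObject
SSDT  8F258478  ZwSetSystemInformation
SSDT  8F2584AA  ZwSystemDebugControl
SSDT  8F258437  ZwTerminateProcess
SSDT  8F258432  ZwWriteVirtualMemory
"""

# Infection time as stated in the thread title; assumed to be in the same zone as OTL.
INFECTION_TIME = datetime(2013, 3, 9, 23, 5)

EVENT_RE = re.compile(
    r"^Error - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.+?) \| Source = (?P<src>.+?) \| ID = (?P<id>\d+)\s*$"
)
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)")


def parse_otl_events(text):
    """Return (timestamp, source, event_id) tuples; description lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%d.%m.%Y %H:%M:%S")
            events.append((ts, m.group("src"), int(m.group("id"))))
    return events


def events_near(events, pivot, hours):
    """Errors logged within +/- `hours` of the pivot time, oldest first."""
    window = timedelta(hours=hours)
    return sorted(e for e in events if abs(e[0] - pivot) <= window)


def count_by_source(events):
    """How often each (source, event id) pair occurs; repeated noise stands out."""
    return Counter((src, eid) for _, src, eid in events)


def parse_ssdt(text):
    """Return (handler address, hooked service) pairs from GMER SSDT lines."""
    return [(int(m.group("addr"), 16), m.group("func"))
            for m in map(SSDT_RE.match, text.splitlines()) if m]


def cluster_hooks(hooks, max_gap=0x1000):
    """Group hook handlers by address proximity. One driver's handlers live inside
    that driver's image, so they form one tight cluster; a second, distant cluster
    would mean a second component is also patching the SSDT."""
    clusters = []
    for addr, func in sorted(hooks):
        if clusters and addr - clusters[-1][-1][0] <= max_gap:
            clusters[-1].append((addr, func))
        else:
            clusters.append([(addr, func)])
    return clusters


def cluster_span(cluster):
    """Distance in bytes between the lowest and highest handler in a cluster."""
    return cluster[-1][0] - cluster[0][0]


if __name__ == "__main__":
    evts = parse_otl_events(OTL_EVENTS)
    for ts, src, eid in events_near(evts, INFECTION_TIME, hours=6):
        print(f"{ts:%d.%m.%Y %H:%M:%S}  {src}  ID {eid}")
    print(count_by_source(evts).most_common())
    for c in cluster_hooks(parse_ssdt(GMER_SSDT)):
        print(f"{len(c)} hooks at {c[0][0]:08X}..{c[-1][0]:08X} (span 0x{cluster_span(c):X})")
```

Run against the full OTL and GMER output, the event filter narrows twenty errors to the ones within a few hours of the lock screen appearing (the temporary-profile error 1511 is the only one within two hours of 23:05 in the sample), and the hook clustering reports a single group of eleven handlers, which is the expected picture for one installed security driver rather than for an additional kernel-mode component.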

Old 11.03.2013, 11:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU / Bundespolizeitrojaner (Skypevariante?); System Win7 32bit; Infektionszeit 09.03.13 23:05

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans for now; first post only the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Old 11.03.2013, 22:56   #3
Ratte2000
 
GVU / Bundespolizeitrojaner (Skypevariante?); System Win7 32bit; Infektionszeit 09.03.13 23:05

Hi cosinus,

unfortunately there are no further log files.

Malwarebytes: I uninstalled it, since according to Avira it is incompatible with AntiVir => log files gone
Avira AntiVir: uninstalled and reinstalled because it was working incorrectly => log files gone

I searched through everything several times again, unfortunately without success.

Regards,
Ratte2000

Old 12.03.2013, 10:47   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU / Bundespolizeitrojaner (Skypevariante?); System Win7 32bit; Infektionszeit 09.03.13 23:05

Check whether the logs are still there in the form of text files. So that you can actually see the folders, apply this FIRST!! => http://www.trojaner-board.de/59624-a...-sichtbar.html

Main logs after scans (Quick, Full or Flash):
  • XP:
    C:\Dokumente und Einstellungen\(USER)\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd.txt

  • Vista, Windows 7, 2008:
    C:\Users\(USER)\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd.txt

Please always post log files in CODE tags

Old 12.03.2013, 21:33   #5
Ratte2000
 
GVU / Bundespolizeitrojaner (Skypevariante?); System Win7 32bit; Infektionszeit 09.03.13 23:05

I had already looked there.

There is still one MBAM log, but without any detections. That's why I hadn't posted it
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.09.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthias :: MATTHIAS-PC [Administrator]

10.03.2013 03:07:54
mbam-log-2013-03-10 (03-07-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 671191
Laufzeit: 1 Stunde(n), 54 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
The detections themselves were from Avira. Unfortunately the logs were not preserved after uninstalling/reinstalling. Enclosed is the log of the scan run after reinstallation

Code:
Avira Internet Security
Erstellungsdatum der Reportdatei: Sonntag, 10. März 2013  09:06


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Matthias Tasler
Seriennummer   : 2215453209-ISECE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : MATTHIAS-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.3185    56198 Bytes  30.01.2013 10:04:00
AVSCAN.EXE     : 13.6.0.584    640224 Bytes  10.03.2013 07:26:21
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  10.03.2013 07:26:21
LUKE.DLL       : 13.6.0.602     67808 Bytes  10.03.2013 07:26:40
AVSCPLR.DLL    : 13.6.0.628     94432 Bytes  10.03.2013 07:27:08
AVREG.DLL      : 13.6.0.600    250592 Bytes  10.03.2013 07:27:08
avlode.dll     : 13.6.2.624    434912 Bytes  10.03.2013 07:27:08
avlode.rdf     : 13.0.0.38      15231 Bytes  10.03.2013 07:27:08
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 07:24:26
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 07:24:45
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 07:25:05
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 07:25:11
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 07:25:17
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 07:25:22
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 07:25:29
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 07:25:35
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 07:25:44
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 07:25:44
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 07:25:44
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 07:25:44
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 07:25:44
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 07:25:45
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 07:25:45
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 07:25:46
VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 07:25:46
VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 07:25:46
VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 07:25:46
VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 07:25:47
VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 07:25:47
VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 07:25:47
VBASE022.VDF   : 7.11.62.111   136192 Bytes  23.02.2013 07:25:48
VBASE023.VDF   : 7.11.62.157   143360 Bytes  25.02.2013 07:25:48
VBASE024.VDF   : 7.11.62.237   199168 Bytes  27.02.2013 07:25:48
VBASE025.VDF   : 7.11.63.71    209408 Bytes  01.03.2013 07:25:48
VBASE026.VDF   : 7.11.63.121   257536 Bytes  04.03.2013 07:25:49
VBASE027.VDF   : 7.11.63.211   212480 Bytes  06.03.2013 07:25:49
VBASE028.VDF   : 7.11.64.21    198656 Bytes  08.03.2013 07:25:49
VBASE029.VDF   : 7.11.64.22      2048 Bytes  08.03.2013 07:25:49
VBASE030.VDF   : 7.11.64.23      2048 Bytes  08.03.2013 07:25:50
VBASE031.VDF   : 7.11.64.68    167936 Bytes  09.03.2013 07:25:50
Engineversion  : 8.2.12.14 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.03.2013 07:25:57
AESCRIPT.DLL   : 8.1.4.96      471420 Bytes  10.03.2013 07:25:56
AESCN.DLL      : 8.1.10.0      131445 Bytes  10.03.2013 07:25:56
AESBX.DLL      : 8.2.5.12      606578 Bytes  10.03.2013 07:25:57
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.03.2013 07:25:56
AEPACK.DLL     : 8.3.2.0       827767 Bytes  10.03.2013 07:25:56
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  10.03.2013 07:25:55
AEHEUR.DLL     : 8.1.4.236    5833081 Bytes  10.03.2013 07:25:55
AEHELP.DLL     : 8.1.25.2      258423 Bytes  10.03.2013 07:25:51
AEGEN.DLL      : 8.1.6.16      434549 Bytes  10.03.2013 07:25:51
AEEXP.DLL      : 8.4.0.10      192886 Bytes  10.03.2013 07:25:57
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.03.2013 07:25:51
AECORE.DLL     : 8.1.31.2      201080 Bytes  10.03.2013 07:25:50
AEBB.DLL       : 8.1.1.4        53619 Bytes  10.03.2013 07:25:50
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  10.03.2013 07:23:44
AVPREF.DLL     : 13.6.0.480     51056 Bytes  10.03.2013 07:26:21
AVREP.DLL      : 13.6.0.480    178544 Bytes  10.03.2013 07:27:08
AVARKT.DLL     : 13.6.0.624    260832 Bytes  10.03.2013 07:26:14
AVEVTLOG.DLL   : 13.6.0.600    167648 Bytes  10.03.2013 07:26:16
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  10.03.2013 07:26:53
AVSMTP.DLL     : 13.6.0.480     63344 Bytes  10.03.2013 07:26:22
NETNT.DLL      : 13.6.0.480     16240 Bytes  10.03.2013 07:26:46
RCIMAGE.DLL    : 13.4.0.360   5154080 Bytes  10.03.2013 07:23:45
RCTEXT.DLL     : 13.6.0.480     68976 Bytes  10.03.2013 07:23:45

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Sonntag, 10. März 2013  09:06

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-2136012392-1314403839-967441070-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder\1
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2136012392-1314403839-967441070-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'DllHost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'WMIADAP.EXE' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '135' Modul(e) wurden durchsucht
Durchsuche Prozess 'InstantBackup.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'AutoStartupService.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApplePhotoStreams.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'iCloudServices.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISUSPM.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSOSYNC.EXE' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '137' Modul(e) wurden durchsucht
Durchsuche Prozess 'TimounterMonitor.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'APSDaemon.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedhlp.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueImageMonitor.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '172' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesApp32.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'x10nets.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesService32.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'syncagentsrv.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'utnservice.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSCamS32.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'MemeoBackgroundService.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'bgsvcgen.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'afcdpsrv.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedul2.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '30364' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'E:\' <Daten>


Ende des Suchlaufs: Sonntag, 10. März 2013  10:51
Benötigte Zeit:  1:45:39 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  50191 Verzeichnisse wurden überprüft
 1193205 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1193205 Dateien ohne Befall
  31939 Archive wurden durchsucht
      0 Warnungen
      3 Hinweise
 853432 Objekte wurden beim Rootkitscan durchsucht
      3 Versteckte Objekte wurden gefunden
         


12.03.2013, 23:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

GVU / Bundespolizei trojan (Skype variant?); system Win7 32bit; infection time 09.03.13 23:05



Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start following my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the logfiles directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make my analysis harder!

  • The logs of the requested tools such as Malwarebytes are always to be posted - whether there was a detection or not!

  • Please also note => Deleting logfiles and other requests

Note:
If you haven't heard from me for three days, please post in this thread => Reminder for my thread.
Annoying "When will it continue" messages will get your topic closed. I too have a life outside Trojaner-Board.


Please run the three tools MBAR / aswMBR / TDSSKiller now and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without a helper's instruction


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista or later, please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow Internet access)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
__________________
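An added triage helper for the TDSSKiller log requested above (example code written for this thread, not part of Trojaner-Board's or Kaspersky's tooling): it reads the "Scan services" section line by line and groups every service or driver that did not come back plain "ok", which is what a helper looks at first. The class and function names are my own, and the sample lines and MD5 values are constructed in the tool's line format, not taken from a real scan.

```python
"""Triage helper for the "Scan services" section of a TDSSKiller log.
Added example for this thread (not part of Trojaner-Board's or Kaspersky's
tooling): it parses the per-service lines TDSSKiller writes and groups
everything that did not come back plain "ok". SAMPLE_LOG is constructed in
the tool's line format; its MD5 values are placeholders, not real hashes."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every log line: "HH:MM:SS.mmmm <pid>  <body>"
_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# Section banner, e.g. "================ Scan services ======="
_SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
# File line "[ <MD5> ] <name> <path>": names may contain spaces, so the path
# is recognised by its drive letter.
_FILE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
_WARN = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
_DET = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
_OK = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class ServiceResult:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"          # "ok", "warning" or "detected"
    verdicts: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, ServiceResult]:
    """One ServiceResult per service named in the 'Scan services' section."""
    results: Dict[str, ServiceResult] = {}
    in_services = False

    def entry(name: str) -> ServiceResult:
        return results.setdefault(name, ServiceResult(name=name))

    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue                              # blank or non-log line
        body = m.group("body")
        sec = _SECTION.match(body)
        if sec:
            in_services = sec.group("name") == "Scan services"
        elif not in_services:
            continue                              # memory scan, banners, ...
        elif (f := _FILE.match(body)):
            e = entry(f.group("name"))
            e.md5, e.path = f.group("md5").upper(), f.group("path")
        elif (w := _WARN.match(body)):
            e = entry(w.group("name"))
            e.status = "warning"
            e.verdicts.append(w.group("verdict"))
        elif (d := _DET.match(body)):
            e = entry(d.group("name"))
            e.status = "detected"                 # outranks a warning
            if d.group("verdict") not in e.verdicts:
                e.verdicts.append(d.group("verdict"))
        elif (o := _OK.match(body)):
            e = entry(o.group("name"))
            if e.status == "unknown":             # never downgrade a finding
                e.status = "ok"
    return results


def triage(results: Dict[str, ServiceResult]) -> Dict[str, List[str]]:
    """Names grouped by what a helper looks at first: detections, warnings,
    and entries for which the log printed no "[ md5 ] name path" line."""
    out: Dict[str, List[str]] = {"detected": [], "warning": [], "no_file_line": []}
    for r in results.values():
        if r.status in ("detected", "warning"):
            out[r.status].append(r.name)
        if r.path is None:
            out["no_file_line"].append(r.name)
    return out


# Constructed sample in TDSSKiller's format (placeholder MD5s, shortened list).
SAMPLE_LOG = r"""
21:44:03.0773 3276  Scan started
21:44:03.0929 3276  ================ Scan system memory ========================
21:44:03.0929 3276  System memory - ok
21:44:03.0929 3276  ================ Scan services =============================
21:44:04.0038 3276  [ 00000000000000000000000000000001 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:44:04.0053 3276  ACPI - ok
21:44:04.0116 3276  [ 00000000000000000000000000000002 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:44:04.0131 3276  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
21:44:04.0131 3276  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
21:44:06.0128 3276  COMSysApp - ok
21:44:06.0191 3276  [ 00000000000000000000000000000003 ] D-Link FVNETusb (AR)(R) C:\Windows\system32\DRIVERS\vnetusbr.sys
21:44:06.0206 3276  D-Link FVNETusb (AR)(R) - ok
"""

if __name__ == "__main__":
    for status, names in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{status:13s} {', '.join(names) or '-'}")
```

A "detected" entry such as an unsigned vendor service is a signal to look at, not a verdict; the helper decides what to do with it, which is why the instructions above say Skip rather than Cure.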

13.03.2013, 22:50   #7
Ratte2000

GVU / Bundespolizei trojan (Skype variant?); system Win7 32bit; infection time 09.03.13 23:05



Attached are the results of the scans:

MBAR:
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.13.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthias :: MATTHIAS-PC [administrator]

13.03.2013 21:15:38
mbar-log-2013-03-13 (21-15-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30187
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR:
A complete scan was not possible; the program always aborts (even after several restarts) with the attached error message.

TDSS-Killer
Code:
21:43:39.0374 5700  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:43:39.0483 5700  ============================================================
21:43:39.0483 5700  Current date / time: 2013/03/13 21:43:39.0483
21:43:39.0483 5700  SystemInfo:
21:43:39.0483 5700  
21:43:39.0483 5700  OS Version: 6.1.7601 ServicePack: 1.0
21:43:39.0483 5700  Product type: Workstation
21:43:39.0483 5700  ComputerName: MATTHIAS-PC
21:43:39.0483 5700  UserName: Matthias
21:43:39.0483 5700  Windows directory: C:\Windows
21:43:39.0483 5700  System windows directory: C:\Windows
21:43:39.0483 5700  Processor architecture: Intel x86
21:43:39.0483 5700  Number of processors: 4
21:43:39.0483 5700  Page size: 0x1000
21:43:39.0483 5700  Boot type: Normal boot
21:43:39.0483 5700  ============================================================
21:43:39.0749 5700  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:43:39.0749 5700  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:43:39.0795 5700  ============================================================
21:43:39.0795 5700  \Device\Harddisk1\DR1:
21:43:39.0795 5700  MBR partitions:
21:43:39.0795 5700  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
21:43:39.0795 5700  \Device\Harddisk0\DR0:
21:43:39.0795 5700  MBR partitions:
21:43:39.0795 5700  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:43:39.0795 5700  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
21:43:39.0795 5700  ============================================================
21:43:39.0795 5700  C: <-> \Device\Harddisk0\DR0\Partition2
21:43:39.0811 5700  E: <-> \Device\Harddisk1\DR1\Partition1
21:43:39.0811 5700  ============================================================
21:43:39.0811 5700  Initialize success
21:43:39.0811 5700  ============================================================
21:44:03.0773 3276  ============================================================
21:44:03.0773 3276  Scan started
21:44:03.0773 3276  Mode: Manual; SigCheck; TDLFS; 
21:44:03.0773 3276  ============================================================
21:44:03.0929 3276  ================ Scan system memory ========================
21:44:03.0929 3276  System memory - ok
21:44:03.0929 3276  ================ Scan services =============================
21:44:03.0960 3276  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:44:04.0022 3276  1394ohci - ok
21:44:04.0038 3276  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:44:04.0053 3276  ACPI - ok
21:44:04.0053 3276  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:44:04.0085 3276  AcpiPmi - ok
21:44:04.0100 3276  [ D13C68CD5776C900A73C609422191BAF ] AcrSch2Svc      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
21:44:04.0116 3276  AcrSch2Svc - ok
21:44:04.0116 3276  [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:44:04.0131 3276  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
21:44:04.0131 3276  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
21:44:04.0131 3276  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:44:04.0147 3276  AdobeARMservice - ok
21:44:04.0163 3276  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:44:04.0178 3276  AdobeFlashPlayerUpdateSvc - ok
21:44:04.0178 3276  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:44:04.0209 3276  adp94xx - ok
21:44:04.0209 3276  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:44:04.0241 3276  adpahci - ok
21:44:04.0241 3276  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:44:04.0256 3276  adpu320 - ok
21:44:04.0256 3276  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:44:04.0272 3276  AeLookupSvc - ok
21:44:04.0287 3276  [ 158ED54CE49CF828C1E46A811FFF8804 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
21:44:04.0303 3276  afcdp - ok
21:44:04.0350 3276  [ 50BD54F16710AE4AEF88D57E63ECFEF8 ] afcdpsrv        C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
21:44:04.0412 3276  afcdpsrv - ok
21:44:04.0428 3276  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
21:44:04.0443 3276  AFD - ok
21:44:04.0443 3276  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
21:44:04.0459 3276  agp440 - ok
21:44:04.0459 3276  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
21:44:04.0475 3276  aic78xx - ok
21:44:04.0490 3276  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
21:44:04.0506 3276  ALG - ok
21:44:04.0506 3276  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:44:04.0521 3276  aliide - ok
21:44:04.0521 3276  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:44:04.0537 3276  amdagp - ok
21:44:04.0537 3276  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:44:04.0553 3276  amdide - ok
21:44:04.0568 3276  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:44:04.0584 3276  AmdK8 - ok
21:44:04.0584 3276  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:44:04.0599 3276  AmdPPM - ok
21:44:04.0615 3276  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:44:04.0615 3276  amdsata - ok
21:44:04.0631 3276  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:44:04.0646 3276  amdsbs - ok
21:44:04.0646 3276  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:44:04.0662 3276  amdxata - ok
21:44:04.0677 3276  [ 6DB54F2A69E07C25A79E23B1AC87A0AC ] AntiVirFirewallService C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
21:44:04.0693 3276  AntiVirFirewallService - ok
21:44:04.0709 3276  [ BD6469AB30F7B6EDED03ECF7712208EA ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
21:44:04.0724 3276  AntiVirMailService - ok
21:44:04.0724 3276  [ 7BF68342758EC38D3378543AD53843CA ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:44:04.0740 3276  AntiVirSchedulerService - ok
21:44:04.0740 3276  [ 8E1404EB1A49007203B310A8FFE9CBB5 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:44:04.0755 3276  AntiVirService - ok
21:44:04.0771 3276  [ FC3EE590B471815A4CA6AFDF8A435DE2 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:44:04.0787 3276  AntiVirWebService - ok
21:44:04.0802 3276  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
21:44:04.0818 3276  AppID - ok
21:44:04.0818 3276  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:44:04.0849 3276  AppIDSvc - ok
21:44:04.0865 3276  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
21:44:04.0880 3276  Appinfo - ok
21:44:04.0896 3276  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:44:04.0896 3276  Apple Mobile Device - ok
21:44:04.0911 3276  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:44:04.0927 3276  arc - ok
21:44:04.0927 3276  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:44:04.0943 3276  arcsas - ok
21:44:04.0943 3276  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:44:04.0974 3276  AsyncMac - ok
21:44:04.0974 3276  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
21:44:04.0989 3276  atapi - ok
21:44:05.0005 3276  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:44:05.0036 3276  AudioEndpointBuilder - ok
21:44:05.0052 3276  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:44:05.0067 3276  Audiosrv - ok
21:44:05.0083 3276  [ 662ECAEC0FAE2C2069B75EF8A762BE87 ] avfwim          C:\Windows\system32\DRIVERS\avfwim.sys
21:44:05.0099 3276  avfwim - ok
21:44:05.0099 3276  [ E4DC0228AB7492086B96FCC8298CF3B6 ] avfwot          C:\Windows\system32\DRIVERS\avfwot.sys
21:44:05.0114 3276  avfwot - ok
21:44:05.0114 3276  [ 2060DAAC61CC3F65B6517CE840E4F6DA ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:44:05.0130 3276  avgntflt - ok
21:44:05.0145 3276  [ F3AF2B17AE92A378979ADD8D6981E818 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:44:05.0145 3276  avipbb - ok
21:44:05.0161 3276  [ 793C820F0199C2964A908C9F0748E99D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:44:05.0177 3276  avkmgr - ok
21:44:05.0177 3276  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:44:05.0192 3276  AxInstSV - ok
21:44:05.0208 3276  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
21:44:05.0223 3276  b06bdrv - ok
21:44:05.0239 3276  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
21:44:05.0255 3276  b57nd60x - ok
21:44:05.0255 3276  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:44:05.0270 3276  BDESVC - ok
21:44:05.0286 3276  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:44:05.0301 3276  Beep - ok
21:44:05.0317 3276  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
21:44:05.0348 3276  BFE - ok
21:44:05.0364 3276  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\Windows\System32\bgsvcgen.exe
21:44:05.0364 3276  bgsvcgen - ok
21:44:05.0379 3276  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
21:44:05.0426 3276  BITS - ok
21:44:05.0426 3276  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:44:05.0442 3276  blbdrive - ok
21:44:05.0457 3276  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:44:05.0473 3276  Bonjour Service - ok
21:44:05.0473 3276  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:44:05.0489 3276  bowser - ok
21:44:05.0489 3276  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:44:05.0520 3276  BrFiltLo - ok
21:44:05.0520 3276  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:44:05.0535 3276  BrFiltUp - ok
21:44:05.0551 3276  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
21:44:05.0567 3276  Browser - ok
21:44:05.0567 3276  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:44:05.0582 3276  Brserid - ok
21:44:05.0598 3276  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:44:05.0613 3276  BrSerWdm - ok
21:44:05.0613 3276  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:44:05.0629 3276  BrUsbMdm - ok
21:44:05.0629 3276  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:44:05.0645 3276  BrUsbSer - ok
21:44:05.0660 3276  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
21:44:05.0676 3276  BthEnum - ok
21:44:05.0676 3276  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:44:05.0691 3276  BTHMODEM - ok
21:44:05.0707 3276  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:44:05.0707 3276  BthPan - ok
21:44:05.0723 3276  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
21:44:05.0754 3276  BTHPORT - ok
21:44:05.0754 3276  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
21:44:05.0785 3276  bthserv - ok
21:44:05.0785 3276  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
21:44:05.0801 3276  BTHUSB - ok
21:44:05.0816 3276  [ D517BA16793D76210C963DAB2A88B74F ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
21:44:05.0832 3276  btmhsf - ok
21:44:05.0832 3276  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:44:05.0863 3276  cdfs - ok
21:44:05.0863 3276  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:44:05.0879 3276  cdrom - ok
21:44:05.0894 3276  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:44:05.0910 3276  CertPropSvc - ok
21:44:05.0925 3276  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:44:05.0941 3276  circlass - ok
21:44:05.0941 3276  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
21:44:05.0957 3276  CLFS - ok
21:44:05.0972 3276  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:44:05.0988 3276  clr_optimization_v2.0.50727_32 - ok
21:44:06.0003 3276  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:44:06.0019 3276  clr_optimization_v4.0.30319_32 - ok
21:44:06.0019 3276  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:44:06.0035 3276  CmBatt - ok
21:44:06.0035 3276  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:44:06.0050 3276  cmdide - ok
21:44:06.0066 3276  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:44:06.0081 3276  CNG - ok
21:44:06.0097 3276  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:44:06.0113 3276  Compbatt - ok
21:44:06.0113 3276  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:44:06.0128 3276  CompositeBus - ok
21:44:06.0128 3276  COMSysApp - ok
21:44:06.0144 3276  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:44:06.0159 3276  crcdisk - ok
21:44:06.0175 3276  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:44:06.0191 3276  CryptSvc - ok
21:44:06.0191 3276  [ D35558A535EE2613511AE39F9E9970A7 ] D-Link FVNETusb (AR)(R) C:\Windows\system32\DRIVERS\vnetusbr.sys
21:44:06.0206 3276  D-Link FVNETusb (AR)(R) - ok
21:44:06.0222 3276  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:44:06.0253 3276  DcomLaunch - ok
21:44:06.0253 3276  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:44:06.0284 3276  defragsvc - ok
21:44:06.0284 3276  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:44:06.0315 3276  DfsC - ok
21:44:06.0331 3276  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:44:06.0347 3276  Dhcp - ok
21:44:06.0347 3276  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
21:44:06.0378 3276  discache - ok
21:44:06.0378 3276  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:44:06.0393 3276  Disk - ok
21:44:06.0409 3276  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:44:06.0425 3276  Dnscache - ok
21:44:06.0425 3276  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:44:06.0456 3276  dot3svc - ok
21:44:06.0456 3276  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
21:44:06.0487 3276  DPS - ok
21:44:06.0487 3276  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:44:06.0503 3276  drmkaud - ok
21:44:06.0518 3276  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:44:06.0549 3276  DXGKrnl - ok
21:44:06.0549 3276  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
21:44:06.0581 3276  EapHost - ok
21:44:06.0627 3276  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
21:44:06.0674 3276  ebdrv - ok
21:44:06.0690 3276  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
21:44:06.0705 3276  EFS - ok
21:44:06.0721 3276  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:44:06.0737 3276  ehRecvr - ok
21:44:06.0737 3276  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
21:44:06.0752 3276  ehSched - ok
21:44:06.0768 3276  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:44:06.0799 3276  elxstor - ok
21:44:06.0799 3276  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:44:06.0815 3276  ErrDev - ok
21:44:06.0830 3276  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
21:44:06.0861 3276  EventSystem - ok
21:44:06.0861 3276  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
21:44:06.0893 3276  exfat - ok
21:44:06.0893 3276  Fabs - ok
21:44:06.0908 3276  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:44:06.0939 3276  fastfat - ok
21:44:06.0939 3276  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
21:44:06.0971 3276  Fax - ok
21:44:06.0971 3276  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:44:06.0986 3276  fdc - ok
21:44:06.0986 3276  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
21:44:07.0017 3276  fdPHost - ok
21:44:07.0017 3276  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
21:44:07.0049 3276  FDResPub - ok
21:44:07.0064 3276  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:44:07.0064 3276  FileInfo - ok
21:44:07.0080 3276  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:44:07.0095 3276  Filetrace - ok
21:44:07.0142 3276  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
21:44:07.0205 3276  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
21:44:07.0205 3276  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
21:44:07.0205 3276  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:44:07.0220 3276  flpydisk - ok
21:44:07.0236 3276  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:44:07.0251 3276  FltMgr - ok
21:44:07.0251 3276  [ 17119D86FB4A43A99BF5242DD3038394 ] fltsrv          C:\Windows\system32\DRIVERS\fltsrv.sys
21:44:07.0267 3276  fltsrv - ok
21:44:07.0283 3276  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
21:44:07.0314 3276  FontCache - ok
21:44:07.0329 3276  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:44:07.0345 3276  FontCache3.0.0.0 - ok
21:44:07.0345 3276  [ C96C52D0D80666AF585516FFA97B7C00 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
21:44:07.0376 3276  ForceWare Intelligent Application Manager (IAM) - ok
21:44:07.0376 3276  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:44:07.0392 3276  FsDepends - ok
21:44:07.0392 3276  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:44:07.0407 3276  Fs_Rec - ok
21:44:07.0423 3276  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:44:07.0439 3276  fvevol - ok
21:44:07.0439 3276  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:44:07.0454 3276  gagp30kx - ok
21:44:07.0454 3276  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:44:07.0470 3276  GEARAspiWDM - ok
21:44:07.0485 3276  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:44:07.0517 3276  gpsvc - ok
21:44:07.0517 3276  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:44:07.0532 3276  gupdate - ok
21:44:07.0532 3276  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:44:07.0548 3276  gupdatem - ok
21:44:07.0563 3276  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:44:07.0579 3276  hcw85cir - ok
21:44:07.0579 3276  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:44:07.0595 3276  HdAudAddService - ok
21:44:07.0610 3276  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:44:07.0626 3276  HDAudBus - ok
21:44:07.0626 3276  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:44:07.0641 3276  HidBatt - ok
21:44:07.0657 3276  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:44:07.0673 3276  HidBth - ok
21:44:07.0673 3276  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:44:07.0688 3276  HidIr - ok
21:44:07.0704 3276  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
21:44:07.0719 3276  hidserv - ok
21:44:07.0735 3276  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:44:07.0751 3276  HidUsb - ok
21:44:07.0751 3276  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:44:07.0782 3276  hkmsvc - ok
21:44:07.0782 3276  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:44:07.0797 3276  HomeGroupListener - ok
21:44:07.0813 3276  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:44:07.0829 3276  HomeGroupProvider - ok
21:44:07.0829 3276  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:44:07.0844 3276  HpSAMD - ok
21:44:07.0860 3276  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:44:07.0891 3276  HTTP - ok
21:44:07.0891 3276  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:44:07.0907 3276  hwpolicy - ok
21:44:07.0922 3276  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:44:07.0922 3276  i8042prt - ok
21:44:07.0938 3276  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:44:07.0953 3276  iaStorV - ok
21:44:07.0969 3276  [ 61401BA4183BC171BA114FCE4981BB33 ] iBtFltCoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
21:44:07.0969 3276  iBtFltCoex - ok
21:44:07.0985 3276  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:44:08.0016 3276  idsvc - ok
21:44:08.0031 3276  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:44:08.0047 3276  iirsp - ok
21:44:08.0063 3276  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:44:08.0094 3276  IKEEXT - ok
21:44:08.0141 3276  [ CD08B2DAD1ED85BC4BFAF82099FDA604 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:44:08.0187 3276  IntcAzAudAddService - ok
21:44:08.0203 3276  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:44:08.0219 3276  intelide - ok
21:44:08.0219 3276  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:44:08.0234 3276  intelppm - ok
21:44:08.0234 3276  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:44:08.0265 3276  IPBusEnum - ok
21:44:08.0281 3276  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:44:08.0297 3276  IpFilterDriver - ok
21:44:08.0312 3276  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:44:08.0343 3276  iphlpsvc - ok
21:44:08.0343 3276  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:44:08.0359 3276  IPMIDRV - ok
21:44:08.0375 3276  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:44:08.0390 3276  IPNAT - ok
21:44:08.0406 3276  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:44:08.0437 3276  iPod Service - ok
21:44:08.0437 3276  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:44:08.0453 3276  IRENUM - ok
21:44:08.0468 3276  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:44:08.0484 3276  isapnp - ok
21:44:08.0484 3276  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:44:08.0499 3276  iScsiPrt - ok
21:44:08.0515 3276  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:44:08.0515 3276  kbdclass - ok
21:44:08.0531 3276  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:44:08.0546 3276  kbdhid - ok
21:44:08.0546 3276  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
21:44:08.0562 3276  KeyIso - ok
21:44:08.0562 3276  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:44:08.0577 3276  KSecDD - ok
21:44:08.0593 3276  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:44:08.0609 3276  KSecPkg - ok
21:44:08.0609 3276  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:44:08.0640 3276  KtmRm - ok
21:44:08.0655 3276  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:44:08.0687 3276  LanmanServer - ok
21:44:08.0687 3276  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:44:08.0718 3276  LanmanWorkstation - ok
21:44:08.0718 3276  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:44:08.0749 3276  lltdio - ok
21:44:08.0765 3276  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:44:08.0796 3276  lltdsvc - ok
21:44:08.0796 3276  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:44:08.0827 3276  lmhosts - ok
21:44:08.0827 3276  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:44:08.0843 3276  LSI_FC - ok
21:44:08.0843 3276  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:44:08.0858 3276  LSI_SAS - ok
21:44:08.0874 3276  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:44:08.0889 3276  LSI_SAS2 - ok
21:44:08.0889 3276  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:44:08.0905 3276  LSI_SCSI - ok
21:44:08.0905 3276  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
21:44:08.0936 3276  luafv - ok
21:44:08.0936 3276  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:44:08.0952 3276  Mcx2Svc - ok
21:44:08.0967 3276  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:44:08.0983 3276  megasas - ok
21:44:08.0983 3276  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:44:08.0999 3276  MegaSR - ok
21:44:09.0014 3276  Microsoft SharePoint Workspace Audit Service - ok
21:44:09.0030 3276  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
21:44:09.0045 3276  MMCSS - ok
21:44:09.0061 3276  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
21:44:09.0077 3276  Modem - ok
21:44:09.0092 3276  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:44:09.0108 3276  monitor - ok
21:44:09.0108 3276  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
21:44:09.0123 3276  mouclass - ok
21:44:09.0123 3276  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:44:09.0139 3276  mouhid - ok
21:44:09.0155 3276  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:44:09.0170 3276  mountmgr - ok
21:44:09.0170 3276  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:44:09.0186 3276  MozillaMaintenance - ok
21:44:09.0186 3276  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:44:09.0201 3276  mpio - ok
21:44:09.0217 3276  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:44:09.0233 3276  mpsdrv - ok
21:44:09.0248 3276  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:44:09.0279 3276  MpsSvc - ok
21:44:09.0295 3276  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:44:09.0311 3276  MRxDAV - ok
21:44:09.0311 3276  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:44:09.0342 3276  mrxsmb - ok
21:44:09.0342 3276  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:44:09.0357 3276  mrxsmb10 - ok
21:44:09.0373 3276  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:44:09.0389 3276  mrxsmb20 - ok
21:44:09.0389 3276  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
21:44:09.0404 3276  msahci - ok
21:44:09.0404 3276  [ B03E3F64B70F8031E65EB26DA23DE91A ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS32.exe
21:44:09.0420 3276  MSCamSvc - ok
21:44:09.0435 3276  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:44:09.0435 3276  msdsm - ok
21:44:09.0451 3276  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
21:44:09.0467 3276  MSDTC - ok
21:44:09.0482 3276  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:44:09.0498 3276  Msfs - ok
21:44:09.0513 3276  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:44:09.0529 3276  mshidkmdf - ok
21:44:09.0545 3276  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:44:09.0545 3276  msisadrv - ok
21:44:09.0560 3276  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:44:09.0591 3276  MSiSCSI - ok
21:44:09.0591 3276  msiserver - ok
21:44:09.0591 3276  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:44:09.0623 3276  MSKSSRV - ok
21:44:09.0623 3276  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:44:09.0654 3276  MSPCLOCK - ok
21:44:09.0669 3276  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:44:09.0685 3276  MSPQM - ok
21:44:09.0701 3276  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:44:09.0716 3276  MsRPC - ok
21:44:09.0716 3276  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:44:09.0732 3276  mssmbios - ok
21:44:09.0732 3276  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:44:09.0763 3276  MSTEE - ok
21:44:09.0763 3276  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:44:09.0779 3276  MTConfig - ok
21:44:09.0794 3276  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:44:09.0794 3276  Mup - ok
21:44:09.0810 3276  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
21:44:09.0841 3276  napagent - ok
21:44:09.0857 3276  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:44:09.0872 3276  NativeWifiP - ok
21:44:09.0888 3276  [ DFE14D63F0F649EE94A9E3442B7C8F2C ] NAUpdate        C:\Program Files\Nero\Update\NASvc.exe
21:44:09.0903 3276  NAUpdate - ok
21:44:09.0919 3276  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:44:09.0950 3276  NDIS - ok
21:44:09.0950 3276  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:44:09.0981 3276  NdisCap - ok
21:44:09.0981 3276  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:44:10.0013 3276  NdisTapi - ok
21:44:10.0013 3276  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:44:10.0044 3276  Ndisuio - ok
21:44:10.0044 3276  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:44:10.0075 3276  NdisWan - ok
21:44:10.0075 3276  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:44:10.0106 3276  NDProxy - ok
21:44:10.0106 3276  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:44:10.0137 3276  NetBIOS - ok
21:44:10.0153 3276  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:44:10.0169 3276  NetBT - ok
21:44:10.0184 3276  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
21:44:10.0184 3276  Netlogon - ok
21:44:10.0200 3276  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
21:44:10.0231 3276  Netman - ok
21:44:10.0247 3276  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
21:44:10.0278 3276  netprofm - ok
21:44:10.0278 3276  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:44:10.0293 3276  NetTcpPortSharing - ok
21:44:10.0293 3276  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:44:10.0309 3276  nfrd960 - ok
21:44:10.0325 3276  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:44:10.0340 3276  NlaSvc - ok
21:44:10.0340 3276  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:44:10.0371 3276  Npfs - ok
21:44:10.0371 3276  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
21:44:10.0403 3276  nsi - ok
21:44:10.0418 3276  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:44:10.0434 3276  nsiproxy - ok
21:44:10.0449 3276  [ B6C48D01147EC020DE7F1856734127F8 ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
21:44:10.0465 3276  nSvcIp - ok
21:44:10.0481 3276  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:44:10.0512 3276  Ntfs - ok
21:44:10.0527 3276  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
21:44:10.0559 3276  Null - ok
21:44:10.0559 3276  [ B5E37E31C053BC9950455A257526514B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
21:44:10.0574 3276  NVENETFD - ok
21:44:10.0590 3276  [ 93C0F383B39B1F5FE7203E3270D4CF52 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
21:44:10.0605 3276  NVHDA - ok
21:44:10.0715 3276  [ 4152708C0C24E30DAE7FA87D5AFE1D7B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:44:10.0855 3276  nvlddmkm - ok
21:44:10.0871 3276  [ 5BF9C11586F4764446407F509F1BECA8 ] NVNET           C:\Windows\system32\DRIVERS\nvmf6232.sys
21:44:10.0886 3276  NVNET - ok
21:44:10.0902 3276  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:44:10.0917 3276  nvraid - ok
21:44:10.0917 3276  [ F13618F0CB1E95232F4C2401592A59E9 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
21:44:10.0933 3276  nvsmu - ok
21:44:10.0933 3276  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:44:10.0949 3276  nvstor - ok
21:44:10.0964 3276  [ 3FF57A9A657C9690ECBC8B1E3B6E3979 ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
21:44:10.0980 3276  nvstor32 - ok
21:44:10.0995 3276  [ 26DB28B32E8D2F57CB5065A4A053801A ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:44:11.0011 3276  nvsvc - ok
21:44:11.0042 3276  [ A19BBE1E3E3FEF50B94CA07DCC0FB776 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:44:11.0089 3276  nvUpdatusService - ok
21:44:11.0089 3276  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:44:11.0105 3276  nv_agp - ok
21:44:11.0120 3276  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:44:11.0120 3276  ohci1394 - ok
21:44:11.0136 3276  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:44:11.0151 3276  ose - ok
21:44:11.0198 3276  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:44:11.0292 3276  osppsvc - ok
21:44:11.0307 3276  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:44:11.0339 3276  p2pimsvc - ok
21:44:11.0339 3276  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:44:11.0354 3276  p2psvc - ok
21:44:11.0370 3276  Paiihevca - ok
21:44:11.0370 3276  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:44:11.0385 3276  Parport - ok
21:44:11.0401 3276  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:44:11.0401 3276  partmgr - ok
21:44:11.0417 3276  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
21:44:11.0432 3276  Parvdm - ok
21:44:11.0432 3276  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:44:11.0448 3276  PcaSvc - ok
21:44:11.0463 3276  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
21:44:11.0479 3276  pci - ok
21:44:11.0479 3276  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
21:44:11.0495 3276  pciide - ok
21:44:11.0510 3276  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:44:11.0526 3276  pcmcia - ok
21:44:11.0526 3276  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
21:44:11.0541 3276  pcw - ok
21:44:11.0557 3276  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:44:11.0588 3276  PEAUTH - ok
21:44:11.0619 3276  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
21:44:11.0682 3276  pla - ok
21:44:11.0682 3276  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:44:11.0697 3276  PlugPlay - ok
21:44:11.0713 3276  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:44:11.0729 3276  PNRPAutoReg - ok
21:44:11.0729 3276  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:44:11.0744 3276  PNRPsvc - ok
21:44:11.0760 3276  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:44:11.0791 3276  PolicyAgent - ok
21:44:11.0807 3276  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
21:44:11.0822 3276  Power - ok
21:44:11.0838 3276  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:44:11.0853 3276  PptpMiniport - ok
21:44:11.0869 3276  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:44:11.0885 3276  Processor - ok
21:44:11.0885 3276  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
21:44:11.0900 3276  ProfSvc - ok
21:44:11.0916 3276  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:44:11.0916 3276  ProtectedStorage - ok
21:44:11.0931 3276  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
21:44:11.0947 3276  ProtexisLicensing - ok
21:44:11.0947 3276  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:44:11.0978 3276  Psched - ok
21:44:11.0994 3276  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:44:12.0041 3276  ql2300 - ok
21:44:12.0056 3276  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:44:12.0056 3276  ql40xx - ok
21:44:12.0072 3276  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
21:44:12.0087 3276  QWAVE - ok
21:44:12.0103 3276  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:44:12.0119 3276  QWAVEdrv - ok
21:44:12.0119 3276  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:44:12.0150 3276  RasAcd - ok
21:44:12.0150 3276  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:44:12.0181 3276  RasAgileVpn - ok
21:44:12.0181 3276  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
21:44:12.0212 3276  RasAuto - ok
21:44:12.0212 3276  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:44:12.0243 3276  Rasl2tp - ok
21:44:12.0259 3276  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
21:44:12.0290 3276  RasMan - ok
21:44:12.0290 3276  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:44:12.0321 3276  RasPppoe - ok
21:44:12.0321 3276  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:44:12.0353 3276  RasSstp - ok
21:44:12.0353 3276  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:44:12.0384 3276  rdbss - ok
21:44:12.0399 3276  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:44:12.0399 3276  rdpbus - ok
21:44:12.0415 3276  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:44:12.0446 3276  RDPCDD - ok
21:44:12.0446 3276  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:44:12.0477 3276  RDPENCDD - ok
21:44:12.0477 3276  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:44:12.0509 3276  RDPREFMP - ok
21:44:12.0509 3276  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:44:12.0524 3276  RdpVideoMiniport - ok
21:44:12.0540 3276  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:44:12.0555 3276  RDPWD - ok
21:44:12.0555 3276  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:44:12.0571 3276  rdyboost - ok
21:44:12.0587 3276  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:44:12.0602 3276  RemoteAccess - ok
21:44:12.0618 3276  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:44:12.0649 3276  RemoteRegistry - ok
21:44:12.0649 3276  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:44:12.0665 3276  RFCOMM - ok
21:44:12.0680 3276  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:44:12.0696 3276  RpcEptMapper - ok
21:44:12.0711 3276  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
21:44:12.0727 3276  RpcLocator - ok
21:44:12.0727 3276  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
21:44:12.0758 3276  RpcSs - ok
21:44:12.0758 3276  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:44:12.0789 3276  rspndr - ok
21:44:12.0805 3276  [ EE2996714B6B12DD4AA2EA65F39B80D3 ] RTL8192cu       C:\Windows\system32\DRIVERS\RTL8192cu.sys
21:44:12.0821 3276  RTL8192cu ( UnsignedFile.Multi.Generic ) - warning
21:44:12.0821 3276  RTL8192cu - detected UnsignedFile.Multi.Generic (1)
21:44:12.0836 3276  [ 740FD26A79655A90E60B4E752BEF0FE3 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
21:44:12.0867 3276  RTL8192su - ok
21:44:12.0867 3276  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
21:44:12.0883 3276  SamSs - ok
21:44:12.0883 3276  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:44:12.0899 3276  sbp2port - ok
21:44:12.0914 3276  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:44:12.0930 3276  SCardSvr - ok
21:44:12.0945 3276  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:44:12.0961 3276  scfilter - ok
21:44:12.0977 3276  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
21:44:13.0023 3276  Schedule - ok
21:44:13.0023 3276  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:44:13.0055 3276  SCPolicySvc - ok
21:44:13.0055 3276  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:44:13.0070 3276  SDRSVC - ok
21:44:13.0086 3276  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:44:13.0101 3276  secdrv - ok
21:44:13.0117 3276  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
21:44:13.0133 3276  seclogon - ok
21:44:13.0164 3276  [ 04574EE019E3DE199D25347AE69DDE5B ] SEH UTN Service C:\Program Files\SEH Computertechnik GmbH\SEH UTN Manager\utnservice.exe
21:44:13.0195 3276  SEH UTN Service - ok
21:44:13.0211 3276  [ C4B55B304DB846FA3CF3835D43CB9C3C ] sehutn          C:\Windows\system32\DRIVERS\sehutn.sys
21:44:13.0226 3276  sehutn - ok
21:44:13.0226 3276  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
21:44:13.0257 3276  SENS - ok
21:44:13.0257 3276  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:44:13.0273 3276  SensrSvc - ok
21:44:13.0273 3276  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:44:13.0289 3276  Serenum - ok
21:44:13.0304 3276  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:44:13.0304 3276  Serial - ok
21:44:13.0320 3276  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:44:13.0335 3276  sermouse - ok
21:44:13.0351 3276  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:44:13.0382 3276  SessionEnv - ok
21:44:13.0382 3276  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
21:44:13.0398 3276  sffdisk - ok
21:44:13.0398 3276  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:44:13.0413 3276  sffp_mmc - ok
21:44:13.0413 3276  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
21:44:13.0429 3276  sffp_sd - ok
21:44:13.0445 3276  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:44:13.0460 3276  sfloppy - ok
21:44:13.0460 3276  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:44:13.0491 3276  SharedAccess - ok
21:44:13.0507 3276  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:44:13.0538 3276  ShellHWDetection - ok
21:44:13.0538 3276  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:44:13.0554 3276  sisagp - ok
21:44:13.0554 3276  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:44:13.0569 3276  SiSRaid2 - ok
21:44:13.0585 3276  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:44:13.0601 3276  SiSRaid4 - ok
21:44:13.0601 3276  [ 0F575481EAD4CDD41AA82ED38BC8F6B3 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
21:44:13.0616 3276  SkypeUpdate - ok
21:44:13.0616 3276  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:44:13.0647 3276  Smb - ok
21:44:13.0663 3276  [ 1BC68A9A70F92D5EFFBF0700AE2D7432 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
21:44:13.0679 3276  snapman - ok
21:44:13.0679 3276  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:44:13.0694 3276  SNMPTRAP - ok
21:44:13.0694 3276  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:44:13.0710 3276  spldr - ok
21:44:13.0725 3276  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
21:44:13.0741 3276  Spooler - ok
21:44:13.0788 3276  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
21:44:13.0850 3276  sppsvc - ok
21:44:13.0866 3276  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:44:13.0881 3276  sppuinotify - ok
21:44:13.0897 3276  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:44:13.0913 3276  srv - ok
21:44:13.0928 3276  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:44:13.0944 3276  srv2 - ok
21:44:13.0944 3276  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:44:13.0959 3276  srvnet - ok
21:44:13.0975 3276  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:44:14.0006 3276  SSDPSRV - ok
21:44:14.0006 3276  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
21:44:14.0022 3276  ssmdrv - ok
21:44:14.0022 3276  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:44:14.0053 3276  SstpSvc - ok
21:44:14.0053 3276  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:44:14.0069 3276  stexstor - ok
21:44:14.0084 3276  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
21:44:14.0100 3276  StiSvc - ok
21:44:14.0115 3276  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:44:14.0131 3276  swenum - ok
21:44:14.0131 3276  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
21:44:14.0162 3276  swprv - ok
21:44:14.0225 3276  [ 10196D1696B0B18168AD7FCDB8488F60 ] syncagentsrv    C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
21:44:14.0318 3276  syncagentsrv - ok
21:44:14.0349 3276  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
21:44:14.0381 3276  SysMain - ok
21:44:14.0396 3276  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:44:14.0412 3276  TabletInputService - ok
21:44:14.0412 3276  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:44:14.0443 3276  TapiSrv - ok
21:44:14.0443 3276  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
21:44:14.0474 3276  TBS - ok
21:44:14.0505 3276  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:44:14.0537 3276  Tcpip - ok
21:44:14.0552 3276  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:44:14.0583 3276  TCPIP6 - ok
21:44:14.0599 3276  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:44:14.0615 3276  tcpipreg - ok
21:44:14.0615 3276  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:44:14.0630 3276  TDPIPE - ok
21:44:14.0646 3276  [ E04AB70501B2AD59DA3612C175AFD5D7 ] tdrpman         C:\Windows\system32\DRIVERS\tdrpman.sys
21:44:14.0677 3276  tdrpman - ok
21:44:14.0677 3276  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:44:14.0693 3276  TDTCP - ok
21:44:14.0708 3276  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:44:14.0724 3276  tdx - ok
21:44:14.0739 3276  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:44:14.0739 3276  TermDD - ok
21:44:14.0755 3276  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
21:44:14.0786 3276  TermService - ok
21:44:14.0802 3276  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
21:44:14.0817 3276  Themes - ok
21:44:14.0817 3276  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
21:44:14.0849 3276  THREADORDER - ok
21:44:14.0864 3276  [ 4E4BA74565E8300596025FDF8B271CD1 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
21:44:14.0880 3276  timounter - ok
21:44:14.0911 3276  [ 7EEAD8BDAFD8F6DDACDD83CEB3191D42 ] TrdCap          C:\Windows\system32\DRIVERS\TrdCap.sys
21:44:14.0942 3276  TrdCap - ok
21:44:14.0942 3276  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
21:44:14.0973 3276  TrkWks - ok
21:44:14.0989 3276  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:44:15.0005 3276  TrustedInstaller - ok
21:44:15.0020 3276  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:44:15.0051 3276  tssecsrv - ok
21:44:15.0051 3276  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:44:15.0067 3276  TsUsbFlt - ok
21:44:15.0098 3276  [ AF5F31156EE89D35AD6EC3179A805D23 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
21:44:15.0129 3276  TuneUp.UtilitiesSvc - ok
21:44:15.0129 3276  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
21:44:15.0145 3276  TuneUpUtilitiesDrv - ok
21:44:15.0145 3276  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:44:15.0176 3276  tunnel - ok
21:44:15.0176 3276  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:44:15.0192 3276  uagp35 - ok
21:44:15.0207 3276  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:44:15.0223 3276  udfs - ok
21:44:15.0239 3276  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:44:15.0254 3276  UI0Detect - ok
21:44:15.0254 3276  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:44:15.0270 3276  uliagpkx - ok
21:44:15.0285 3276  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:44:15.0301 3276  umbus - ok
21:44:15.0301 3276  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:44:15.0317 3276  UmPass - ok
21:44:15.0332 3276  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
21:44:15.0363 3276  upnphost - ok
21:44:15.0363 3276  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
21:44:15.0363 3276  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:44:15.0363 3276  USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:44:15.0379 3276  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:44:15.0395 3276  usbaudio - ok
21:44:15.0395 3276  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:44:15.0410 3276  usbccgp - ok
21:44:15.0426 3276  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:44:15.0441 3276  usbcir - ok
21:44:15.0441 3276  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:44:15.0457 3276  usbehci - ok
21:44:15.0473 3276  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:44:15.0488 3276  usbhub - ok
21:44:15.0488 3276  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:44:15.0504 3276  usbohci - ok
21:44:15.0504 3276  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:44:15.0519 3276  usbprint - ok
21:44:15.0535 3276  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:44:15.0551 3276  usbscan - ok
21:44:15.0551 3276  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:44:15.0566 3276  USBSTOR - ok
21:44:15.0566 3276  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:44:15.0582 3276  usbuhci - ok
21:44:15.0597 3276  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:44:15.0613 3276  usbvideo - ok
21:44:15.0613 3276  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
21:44:15.0644 3276  UxSms - ok
21:44:15.0644 3276  [ 6275822AC454A8A831D063841A4DBB5D ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
21:44:15.0660 3276  UxTuneUp - ok
21:44:15.0660 3276  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
21:44:15.0675 3276  VaultSvc - ok
21:44:15.0691 3276  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:44:15.0691 3276  vdrvroot - ok
21:44:15.0707 3276  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
21:44:15.0738 3276  vds - ok
21:44:15.0753 3276  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:44:15.0769 3276  vga - ok
21:44:15.0769 3276  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:44:15.0800 3276  VgaSave - ok
21:44:15.0800 3276  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:44:15.0816 3276  vhdmp - ok
21:44:15.0831 3276  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:44:15.0831 3276  viaagp - ok
21:44:15.0847 3276  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
21:44:15.0863 3276  ViaC7 - ok
21:44:15.0863 3276  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
21:44:15.0878 3276  viaide - ok
21:44:15.0878 3276  [ 9D71C424898E029E316FA93AD494950E ] vididr          C:\Windows\system32\DRIVERS\vididr.sys
21:44:15.0894 3276  vididr - ok
21:44:15.0894 3276  [ 47AB6AC7635E40F3C55C5A32CC4B86A8 ] vidsflt67       C:\Windows\system32\DRIVERS\vsflt67.sys
21:44:15.0909 3276  vidsflt67 - ok
21:44:15.0925 3276  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:44:15.0925 3276  volmgr - ok
21:44:15.0941 3276  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:44:15.0956 3276  volmgrx - ok
21:44:15.0972 3276  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:44:15.0987 3276  volsnap - ok
21:44:15.0987 3276  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:44:16.0003 3276  vsmraid - ok
21:44:16.0034 3276  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
21:44:16.0065 3276  VSS - ok
21:44:16.0081 3276  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:44:16.0097 3276  vwifibus - ok
21:44:16.0097 3276  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:44:16.0112 3276  vwififlt - ok
21:44:16.0128 3276  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
21:44:16.0159 3276  W32Time - ok
21:44:16.0159 3276  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:44:16.0175 3276  WacomPen - ok
21:44:16.0175 3276  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:44:16.0206 3276  WANARP - ok
21:44:16.0206 3276  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:44:16.0237 3276  Wanarpv6 - ok
21:44:16.0253 3276  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
21:44:16.0284 3276  wbengine - ok
21:44:16.0299 3276  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:44:16.0315 3276  WbioSrvc - ok
21:44:16.0346 3276  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:44:16.0362 3276  wcncsvc - ok
21:44:16.0362 3276  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:44:16.0377 3276  WcsPlugInService - ok
21:44:16.0393 3276  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:44:16.0409 3276  Wd - ok
21:44:16.0424 3276  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:44:16.0455 3276  Wdf01000 - ok
21:44:16.0455 3276  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:44:16.0471 3276  WdiServiceHost - ok
21:44:16.0487 3276  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:44:16.0502 3276  WdiSystemHost - ok
21:44:16.0502 3276  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
21:44:16.0533 3276  WebClient - ok
21:44:16.0533 3276  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:44:16.0565 3276  Wecsvc - ok
21:44:16.0565 3276  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:44:16.0596 3276  wercplsupport - ok
21:44:16.0596 3276  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:44:16.0627 3276  WerSvc - ok
21:44:16.0643 3276  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:44:16.0658 3276  WfpLwf - ok
21:44:16.0674 3276  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:44:16.0689 3276  WIMMount - ok
21:44:16.0689 3276  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:44:16.0721 3276  WinDefend - ok
21:44:16.0736 3276  WinHttpAutoProxySvc - ok
21:44:16.0736 3276  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:44:16.0767 3276  Winmgmt - ok
21:44:16.0799 3276  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
21:44:16.0830 3276  WinRM - ok
21:44:16.0845 3276  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:44:16.0861 3276  WinUsb - ok
21:44:16.0877 3276  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:44:16.0908 3276  Wlansvc - ok
21:44:16.0923 3276  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:44:16.0939 3276  WmiAcpi - ok
21:44:16.0939 3276  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:44:16.0955 3276  wmiApSrv - ok
21:44:16.0970 3276  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:44:17.0001 3276  WMPNetworkSvc - ok
21:44:17.0017 3276  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:44:17.0033 3276  WPCSvc - ok
21:44:17.0033 3276  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:44:17.0064 3276  WPDBusEnum - ok
21:44:17.0064 3276  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:44:17.0095 3276  ws2ifsl - ok
21:44:17.0095 3276  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:44:17.0111 3276  wscsvc - ok
21:44:17.0111 3276  WSearch - ok
21:44:17.0142 3276  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:44:17.0204 3276  wuauserv - ok
21:44:17.0204 3276  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:44:17.0220 3276  WudfPf - ok
21:44:17.0235 3276  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:44:17.0251 3276  WUDFRd - ok
21:44:17.0251 3276  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:44:17.0267 3276  wudfsvc - ok
21:44:17.0267 3276  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:44:17.0298 3276  WwanSvc - ok
21:44:17.0298 3276  [ 1F93FCB5BAB3A921ECBA522F63586F4A ] X10Hid          C:\Windows\system32\Drivers\x10hid.sys
21:44:17.0313 3276  X10Hid - ok
21:44:17.0313 3276  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
21:44:17.0313 3276  x10nets ( UnsignedFile.Multi.Generic ) - warning
21:44:17.0313 3276  x10nets - detected UnsignedFile.Multi.Generic (1)
21:44:17.0329 3276  [ 378DC1B0B1F62A7488EE8D31A3C6E949 ] XUIF            C:\Windows\system32\Drivers\x10ufx2.sys
21:44:17.0345 3276  XUIF - ok
21:44:17.0360 3276  ================ Scan global ===============================
21:44:17.0360 3276  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:44:17.0360 3276  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
21:44:17.0376 3276  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
21:44:17.0391 3276  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:44:17.0391 3276  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:44:17.0391 3276  [Global] - ok
21:44:17.0391 3276  ================ Scan MBR ==================================
21:44:17.0407 3276  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:44:17.0469 3276  \Device\Harddisk1\DR1 - ok
21:44:17.0469 3276  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:44:17.0563 3276  \Device\Harddisk0\DR0 - ok
21:44:17.0563 3276  ================ Scan VBR ==================================
21:44:17.0579 3276  [ A6DBB188AB0C4DA18CE5B4C0C210C142 ] \Device\Harddisk1\DR1\Partition1
21:44:17.0579 3276  \Device\Harddisk1\DR1\Partition1 - ok
21:44:17.0579 3276  [ 11F3F64AA5BF30FFD1337C615228BB71 ] \Device\Harddisk0\DR0\Partition1
21:44:17.0579 3276  \Device\Harddisk0\DR0\Partition1 - ok
21:44:17.0579 3276  [ 08E2FE8C4DC32655A64F5FE6A951AEBF ] \Device\Harddisk0\DR0\Partition2
21:44:17.0579 3276  \Device\Harddisk0\DR0\Partition2 - ok
21:44:17.0579 3276  ============================================================
21:44:17.0579 3276  Scan finished
21:44:17.0579 3276  ============================================================
21:44:17.0594 1284  Detected object count: 5
21:44:17.0594 1284  Actual detected object count: 5
21:45:15.0705 1284  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:15.0705 1284  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:15.0705 1284  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:15.0705 1284  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:15.0705 1284  RTL8192cu ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:15.0705 1284  RTL8192cu ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:15.0705 1284  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:15.0705 1284  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:15.0705 1284  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:15.0705 1284  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Attached image (thumbnail): GVU / Bundespolizeitrojaner (Skypevariante?); System Win7 32bit; Infektionszeit 09.03.13 23:05-aswmbr.jpg
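The TDSSKiller log above ends with five `UnsignedFile.Multi.Generic` hits that the user chose to skip. As an added example (not part of this thread and not TDSSKiller's own code), the following Python script shows how a practitioner would triage such a log instead of reading it line by line: it pairs each `[ MD5 ]` entry with its verdict line, separates the informational unsigned-file class from any other detection class, cross-checks the scanner's own "Detected object count" against what was actually parsed, and pulls out the MBR hash of every disk. The sample input is an excerpt of the posted log embedded inline; the "Detected object count" line in the sample is adjusted to the excerpt (the full log reports 5). Line format assumptions (time, pid, `[ MD5 ]`, name, path) are taken from the log as posted.

```python
"""Triage of a Kaspersky TDSSKiller log: added example, not part of the thread."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

TS = r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"   # every line starts "<time> <pid>  "

# "[ MD5 ] <name> <path>". The name is absent on MBR/VBR/global lines and may itself
# contain spaces ("SEH UTN Service"), so the path is found by its prefix, not by column.
ENTRY_RE = re.compile(
    TS + r"\[ (?P<md5>[0-9A-F]{32}) \]\s+(?:(?P<name>.+?)\s+)?"
    r"(?P<path>(?:[A-Za-z]:\\|\\Device\\)\S.*?)\s*$")
# "<name> - ok" | "<name> ( <class> ) - warning" | "<name> - detected <class> (1)"
# | post-scan "<name> ( <class> ) - skipped by user"
VERDICT_RE = re.compile(
    TS + r"(?P<name>.+?)(?: \( (?P<det>[^)]+) \))? - "
    r"(?:(?P<verdict>ok|warning|skipped by user)|detected (?P<det2>\S+) \(\d+\))\s*$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)")
MBR_RE = re.compile(r"\\Device\\Harddisk\d+\\DR\d+")


@dataclass
class ScanObject:
    name: str
    path: str = ""
    md5: str = ""
    verdict: str = "unknown"            # ok / warning / detected
    detection: Optional[str] = None     # TDSSKiller class, e.g. UnsignedFile.Multi.Generic
    user_action: Optional[str] = None   # what the user chose after the scan


@dataclass
class Report:
    objects: Dict[str, ScanObject]
    declared_count: Optional[int]       # the scanner's own "Detected object count"

    def detections(self) -> List[ScanObject]:
        return [o for o in self.objects.values() if o.detection]

    def informational(self) -> List[ScanObject]:
        # UnsignedFile.* only says the file has no valid digital signature; it is not a
        # malware verdict, so it calls for a look at vendor and path, not for a delete.
        return [o for o in self.detections() if o.detection.startswith("UnsignedFile.")]

    def needs_review(self) -> List[ScanObject]:
        return [o for o in self.detections() if not o.detection.startswith("UnsignedFile.")]

    def count_matches(self) -> bool:
        # A truncated or hand-edited log shows up as a mismatch here.
        return self.declared_count == len(self.detections())

    def mbr_hashes(self) -> Dict[str, str]:
        return {n: o.md5 for n, o in self.objects.items() if MBR_RE.fullmatch(n)}


def parse_log(text: str) -> Report:
    objects: Dict[str, ScanObject] = {}
    declared: Optional[int] = None
    for line in text.splitlines():
        if m := ENTRY_RE.match(line):
            name = m.group("name") or m.group("path")     # MBR lines: path doubles as name
            objects[name] = ScanObject(name, m.group("path"), m.group("md5"))
        elif m := COUNT_RE.match(line):
            declared = int(m.group("n"))
        elif m := VERDICT_RE.match(line):
            obj = objects.setdefault(m.group("name"), ScanObject(m.group("name")))
            if m.group("verdict") == "skipped by user":
                obj.user_action = "skip"
            else:
                obj.verdict = m.group("verdict") or "detected"
            obj.detection = m.group("det") or m.group("det2") or obj.detection
    return Report(objects, declared)


# Excerpt of the posted log; the count line is adjusted to the excerpt (the full log says 5).
SAMPLE_LOG = r"""
21:44:12.0259 3276  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
21:44:12.0290 3276  RasMan - ok
21:44:12.0805 3276  [ EE2996714B6B12DD4AA2EA65F39B80D3 ] RTL8192cu       C:\Windows\system32\DRIVERS\RTL8192cu.sys
21:44:12.0821 3276  RTL8192cu ( UnsignedFile.Multi.Generic ) - warning
21:44:12.0821 3276  RTL8192cu - detected UnsignedFile.Multi.Generic (1)
21:44:13.0164 3276  [ 04574EE019E3DE199D25347AE69DDE5B ] SEH UTN Service C:\Program Files\SEH Computertechnik GmbH\SEH UTN Manager\utnservice.exe
21:44:13.0195 3276  SEH UTN Service - ok
21:44:15.0363 3276  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
21:44:15.0363 3276  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:44:15.0363 3276  USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:44:17.0313 3276  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
21:44:17.0313 3276  x10nets ( UnsignedFile.Multi.Generic ) - warning
21:44:17.0313 3276  x10nets - detected UnsignedFile.Multi.Generic (1)
21:44:17.0407 3276  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:44:17.0469 3276  \Device\Harddisk1\DR1 - ok
21:44:17.0469 3276  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:44:17.0563 3276  \Device\Harddisk0\DR0 - ok
21:44:17.0594 1284  Detected object count: 3
21:45:15.0705 1284  RTL8192cu ( UnsignedFile.Multi.Generic ) - skipped by user
"""
```

Run on the full log, the script reports that every one of the five hits is `UnsignedFile.Multi.Generic` (the Realtek RTL8192cu WLAN driver, Apple's usbaapl.sys, the X10 x10nets.exe, plus the Adobe LM and Firebird/MAGIX services listed in the skip summary), that nothing falls into another detection class, and that both disks carry the same MBR hash, which TDSSKiller marks as ok. An unsigned-file flag is a prompt to confirm the file against its vendor, not a verdict, which is why skipping these entries is the usual call; the count cross-check catches the case where a pasted log was cut short.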

14.03.2013, 14:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Leave aswMBR aside for now; according to the screenshot your MBR should be fine as well.

Now please run Combofix:

Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a logfile.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the reboot
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

__________________
Please always post logfiles in CODE tags

15.03.2013, 21:41   #9
Ratte2000



That was a complete dud!

At the start of the run Combofix complained that Avira was still running. As instructed, I ignored that.

While Combofix was running, the taskbar repeatedly disappeared and came back (apparently explorer.exe being restarted).

I assumed that was part of the procedure...

I couldn't post the log because explorer.exe was no longer working properly. => Reboot

The computer now no longer boots, neither in safe mode nor in normal mode.

In normal mode an error message appears:

Microsoft Visual C++ Runtime Library
Runtime Error
C:\Windows\system32\nvvsvc.exe
This application has requested the Runtime to terminate it in an unusual way...


After confirming with OK, only a black screen with the mouse pointer remains.

UPDATE:
- Rolled the system back via a restore point to the state before the Combofix changes.
- The computer boots without problems.

Attached is the Combofix log.

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-03-15.01 - Matthias 15.03.2013  20:57:06.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3071.2060 [GMT 1:00]
Running from:: c:\users\Matthias\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: Avira FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matthias\AppData\Roaming\Luqiy
c:\users\Matthias\AppData\Roaming\Luqiy\ibivp.ifh
c:\users\Matthias\AppData\Roaming\Rifae
c:\users\Matthias\AppData\Roaming\Rifae\afar.daq
e:\susu\Eigene Dokumente\~WRL0003.tmp
.
.
(((((((((((((((((((((((   Files Created from 2013-02-15 to 2013-03-15  ))))))))))))))))))))))))))))))
.
.
2013-03-15 20:02 . 2013-03-15 20:03	--------	d-----w-	c:\users\Matthias\AppData\Local\temp
2013-03-10 11:57 . 2013-03-10 11:58	--------	d-----w-	c:\users\Surfen II
2013-03-10 09:07 . 2013-03-10 09:07	--------	d-----w-	c:\users\Susu\AppData\Roaming\Avira
2013-03-10 07:33 . 2013-03-10 07:33	--------	d-----w-	c:\users\Matthias\AppData\Roaming\Avira
2013-03-10 07:32 . 2013-03-10 07:27	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-10 07:32 . 2013-03-10 07:27	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-10 07:32 . 2013-03-10 07:27	92448	----a-w-	c:\windows\system32\drivers\avfwim.sys
2013-03-10 07:32 . 2013-03-10 07:27	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-10 07:32 . 2013-03-10 07:27	113024	----a-w-	c:\windows\system32\drivers\avfwot.sys
2013-03-10 07:32 . 2013-03-10 07:32	--------	d-----w-	c:\program files\Avira
2013-02-27 07:44 . 2013-03-10 14:14	--------	d-----w-	c:\users\Susu\AppData\Roaming\Memeo
2013-02-27 06:00 . 2013-01-13 19:53	187392	----a-w-	c:\windows\system32\UIAnimation.dll
2013-02-26 20:04 . 2013-02-26 20:26	--------	d-----w-	c:\users\Matthias\MEDION NAS TOOL
2013-02-26 20:00 . 2013-02-26 20:00	--------	d-----w-	c:\program files\MEDION
2013-02-26 16:00 . 2013-02-26 16:16	--------	d-----w-	c:\users\Susu\AppData\Roaming\Nero
2013-02-24 16:53 . 2013-02-24 16:53	--------	d-----w-	c:\program files\Common Files\Skype
2013-02-21 21:29 . 2013-02-21 21:29	--------	d-----w-	c:\program files\iPod
2013-02-21 21:29 . 2013-02-21 21:29	--------	d-----w-	c:\program files\iTunes
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-15 02:02 . 2013-01-08 22:01	768000	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 03:26 . 2013-01-04 03:00	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 03:26 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-14 03:26 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 03:26 . 2013-01-03 05:05	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 03:26 . 2013-01-03 05:04	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 03:26 . 2013-01-04 04:50	169984	----a-w-	c:\windows\system32\winsrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 11:28 . 2012-04-25 19:31	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-13 11:28 . 2011-12-22 20:37	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 04:48 . 2013-03-13 07:55	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 07:55	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2012-12-16 14:13 . 2012-12-22 02:00	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:00	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-03-09 12:36 . 2013-03-09 12:36	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-13 10021480]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"Corel File Shell Monitor"="c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe" [2007-12-01 38400]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5993216]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-28 403688]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1173712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-10 385248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-31 113664]
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-1-2 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 D-Link FVNETusb (AR)(R);D-Link FVNETusb (AR)(R) Service for D-Link DWL-120 Wireless USB Adapter;c:\windows\system32\DRIVERS\vnetusbr.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 SEH UTN Service;SEH UTN Service;c:\program files\SEH Computertechnik GmbH\SEH UTN Manager\utnservice.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 sehutn;UTN bus;c:\windows\system32\DRIVERS\sehutn.sys [x]
S3 TrdCap;CTX's capture service;c:\windows\system32\DRIVERS\TrdCap.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Contents of the "Scheduled Tasks" folder
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 11:28]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-29 08:33]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-29 08:33]
.
2013-03-09 c:\windows\Tasks\Intel_C_CVPR134604BU120LGN.job
- c:\program files\Intel\Intel(R) Solid-State Drive Toolbox\Intel SSD Toolbox.exe [2012-01-03 07:03]
.
.
------- Supplementary Scan -------
.
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\nxug5y1n.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Orphaned registry entries removed - - - -
.
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\S-1-5-21-2136012392-1314403839-967441070-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9816170D-898A-84EB-A621-DF7F7D25E3F7}*]
"pafkmibdkdbjfhlpkelkigoielnfgmof"=hex:61,61,00,00
"padpmljobipagfdfhgnhbjohlbompdoa"=hex:61,61,00,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-15  21:05:04
ComboFix-quarantined-files.txt  2013-03-15 20:05
.
Pre-run: 8 directory(ies), 67.884.933.120 bytes free
Post-run: 13 directory(ies), 68.747.489.280 bytes free
.
- - End Of File - - 280277C77922083ADBD2EC62A942DD0C
         

Last edited by Ratte2000 (15.03.2013 at 21:59)

15.03.2013, 22:04   #10
cosinus



JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the logfile (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Search and wait until the scan has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then please do a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the checkbox Scan all users at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles in CODE tags here in the thread.
__________________
Please always post logfiles in CODE tags
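The OTL control scan requested at the end of this post lists processes, services and drivers one per line, in the form `PRC - path (Company)`, `SRV - (name) -- path (Company)` and `DRV - (name) -- path (Company)`; an entry whose binary no longer exists is printed as `File not found`, and an entry with no vendor string ends in an empty `()`. The following triage script is an added example for this thread, not code from the forum or from OTL: it parses lines of that shape and flags the entries a helper reads first (missing binary, no vendor string, binary in a user-writable directory). The sample lines are constructed to follow the OTL listings in this thread, and the list of user-writable directories is an assumption of the example, not an OTL rule.

```python
"""Triage helper for the PRC / SRV / DRV lines of an OTL log.

Added example for this thread; not part of OTL or of the forum post.
Lines have one of these shapes (the format seen in this thread):

    PRC - C:\\Programme\\Avira\\AntiVir Desktop\\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (SkypeUpdate) -- C:\\Programme\\Skype\\Updater\\Updater.exe (Skype Technologies)
    DRV - (Paiihevca) --  File not found
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "PRC - rest", "SRV - (name) -- rest", "DRV - (name) -- rest"
_LINE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV)\s+-\s+"
    r"(?:\((?P<name>[^)]*)\)\s+--\s+)?"
    r"(?P<rest>.*)$"
)
# rest = "path (Company)"; the company may be empty, printed as "()"
_PATH_COMPANY = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)\s*$")

# Locations where an installed service or driver rarely lives.  This list is
# an assumption of the example, not an OTL rule; tune it for your estate.
_USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    kind: str                 # PRC, SRV or DRV
    name: Optional[str]       # service/driver name; None for PRC lines
    path: Optional[str]       # None when OTL printed "File not found"
    company: Optional[str]    # "" when OTL printed "()"
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; return None for headers and other non-entry lines."""
    m = _LINE.match(line.strip())
    if m is None:
        return None
    kind, name, rest = m.group("kind"), m.group("name"), m.group("rest").strip()
    if rest.lower() == "file not found":
        return Entry(kind, name, None, None)
    pc = _PATH_COMPANY.match(rest)
    if pc is None:                         # path without any "(...)" suffix
        return Entry(kind, name, rest, None)
    return Entry(kind, name, pc.group("path").strip(), pc.group("company").strip())


def triage(entry: Entry) -> Entry:
    """Attach review flags to an entry and return it."""
    if entry.path is None:
        entry.flags.append("file-not-found")       # orphaned registry entry
        return entry
    if not entry.company:
        entry.flags.append("no-company")           # no vendor string at all
    if any(marker in entry.path.lower() for marker in _USER_WRITABLE):
        entry.flags.append("user-writable-path")   # binary outside Program Files / Windows
    return entry


def triage_log(text: str) -> List[Entry]:
    """Return the flagged entries of a whole OTL log, in log order."""
    flagged: List[Entry] = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


# Constructed sample in the format of the OTL listings in this thread.
SAMPLE_LOG = "\n".join([
    r"========== Processes (SafeList) ==========",
    r"PRC - C:\Users\Matthias\Desktop\OTL(2).exe (OldTimer Tools)",
    r"PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)",
    r"PRC - C:\Programme\SEH Computertechnik GmbH\SEH UTN Manager\utnservice.exe ()",
    r"========== Services (SafeList) ==========",
    r"SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)",
    r"SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()",
    r"========== Driver Services (SafeList) ==========",
    r"DRV - (Paiihevca) --  File not found",
    r"DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)",
])

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind} {e.name or '-':<20} {e.path or '<file not found>'}  -> {', '.join(e.flags)}")
```

Run as a script it prints the flagged entries of the embedded sample; for a real log, read OTL.txt and pass its text to `triage_log`. A flag is a reading aid, not a verdict: the OTL executable itself is flagged because it runs from the Desktop, while an orphaned driver entry with a random-looking name and no file behind it is the kind of line worth checking against the rest of the log.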

15.03.2013, 22:13   #11
Ratte2000



I still have a small comprehension problem.

Should I not run ComboFix again, or were the changes made by ComboFix not affected by the System Restore?

15.03.2013, 22:20   #12
cosinus



No, the computer is running normally again, isn't it, or did I misinterpret that?

15.03.2013, 23:11   #13
Ratte2000



The computer is running normally again. I just assumed that any changes made by ComboFix would be undone by the System Restore.

Attached are the scans:

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Home Premium x86
Ran by Matthias on 15.03.2013 at 22:22:46,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\freerip"
Successfully deleted: [Folder] "C:\Users\Matthias\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Program Files\freerip3"



~~~ FireFox

Successfully deleted: [File] C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\nxug5y1n.default\user.js
Emptied folder: C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\nxug5y1n.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2013 at 22:25:53,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adwCleaner:
Code:
# AdwCleaner v2.114 - File created on 15/03/2013 at 22:30:24
# Updated on 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Matthias - MATTHIAS-PC
# Boot mode : Normal
# Running from : C:\Users\Matthias\Desktop\adwcleaner(1).exe
# Option [Delete]


**** [Services] ****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\GreenTree Applications
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\GreenTree Applications
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] The registry is clean.

-\\ Mozilla Firefox v19.0.2 (de)

File : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\nxug5y1n.default\prefs.js

[OK] The file is clean.

File : C:\Users\Susu\AppData\Roaming\Mozilla\Firefox\Profiles\y78tq5bi.default\prefs.js

C:\Users\Susu\AppData\Roaming\Mozilla\Firefox\Profiles\y78tq5bi.default\user.js ... Deleted !

[OK] The file is clean.

*************************

AdwCleaner[S1].txt - [1495 octets] - [15/03/2013 22:30:24]

########## EOF - C:\AdwCleaner[S1].txt - [1555 octets] ##########
         

OTL:
OTL.txt
Code:
OTL logfile created on: 15.03.2013 22:36:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,21% Memory free
6,00 Gb Paging File | 4,98 Gb Available in Paging File | 83,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 63,43 Gb Free Space | 56,79% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 964,15 Gb Free Space | 51,75% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Matthias\Desktop\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Programme\SEH Computertechnik GmbH\SEH UTN Manager\utnservice.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\61fe2f344612f7b3b87f630e89b261e6\System.Data.SqlServerCe.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bd5f32f9081b6307cadda7422145553e\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SEH UTN Service) -- C:\Programme\SEH Computertechnik GmbH\SEH UTN Manager\utnservice.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (syncagentsrv) -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Paiihevca) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (sehutn) -- C:\Windows\System32\drivers\sehutn.sys (SEH Computertechnik GmbH)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman) -- C:\Windows\System32\drivers\tdrpman.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\Windows\System32\drivers\vididr.sys (Acronis)
DRV - (vidsflt67) -- C:\Windows\System32\drivers\vsflt67.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (fltsrv) -- C:\Windows\System32\drivers\fltsrv.sys (Acronis)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation)
DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8192cu) -- C:\Windows\System32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (TrdCap) -- C:\Windows\System32\drivers\TrdCap.sys (Trident Microsystems, Inc.)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (D-Link FVNETusb (AR) -- C:\Windows\System32\drivers\vnetusbr.sys (ATMEL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 5C 6C BF 23 0A CE 01  [binary data]
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\..\SearchScopes\{78B3DE7F-5FD7-42E9-AA71-389C717A631F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 43 87 C5 BB BD CC 01  [binary data]
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2136012392-1314403839-967441070-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 13:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.09 13:36:28 | 000,000,000 | ---D | M]
 
[2011.12.29 10:21:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2013.02.14 19:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\nxug5y1n.default\extensions
[2013.02.14 19:48:12 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\nxug5y1n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.09 13:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.09 13:36:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.09 13:36:31 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.12.17 00:03:36 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.08.24 15:00:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 20:22:53 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.24 15:00:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.24 15:00:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.24 15:00:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.24 15:00:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-2136012392-1314403839-967441070-1001..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2136012392-1314403839-967441070-1001..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2136012392-1314403839-967441070-1001..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30757C13-6560-4B6E-A938-4FC7110C6322}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c3b164b-679b-11e2-bbf7-0015832dddf5}\Shell - "" = AutoRun
O33 - MountPoints2\{4c3b164b-679b-11e2-bbf7-0015832dddf5}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.15 22:22:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.15 22:22:27 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.15 22:21:17 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Matthias\Desktop\JRT.exe
[2013.03.15 21:53:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.15 21:05:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.15 20:55:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.15 20:55:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.15 20:55:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.15 20:55:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.03.15 20:52:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.15 20:52:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.15 20:35:54 | 005,040,250 | R--- | C] (Swearware) -- C:\Users\Matthias\Desktop\ComboFix.exe
[2013.03.13 21:07:00 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\mbar
[2013.03.13 21:06:27 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Matthias\Desktop\aswMBR.exe
[2013.03.13 21:06:27 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matthias\Desktop\tdsskiller.exe
[2013.03.13 21:05:53 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\Trojaner
[2013.03.13 20:37:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.13 20:37:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 20:37:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 20:37:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 20:37:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.13 20:37:28 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.13 20:37:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.13 20:37:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.10 10:29:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL(2).exe
[2013.03.10 08:33:15 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Avira
[2013.03.10 08:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.10 08:32:17 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.10 08:32:17 | 000,113,024 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2013.03.10 08:32:17 | 000,092,448 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2013.03.10 08:32:17 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.10 08:32:17 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.10 08:32:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.10 08:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.09 13:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.01 20:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.02.27 07:01:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.02.27 07:01:37 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.02.27 07:01:37 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.02.27 07:01:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.02.27 07:01:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.02.27 07:01:36 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.02.27 07:01:36 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.02.27 07:01:36 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.02.27 07:01:36 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.02.27 07:01:36 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.02.27 07:01:36 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.02.27 07:01:36 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.02.27 07:01:36 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.02.27 07:01:36 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.02.27 07:01:36 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.02.27 07:00:40 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.27 07:00:38 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.27 07:00:37 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.27 07:00:37 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.27 07:00:37 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.27 07:00:37 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 07:00:37 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 07:00:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 07:00:37 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 07:00:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 07:00:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 07:00:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 07:00:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 07:00:37 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 07:00:36 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.27 07:00:36 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.27 07:00:36 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.27 07:00:36 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.27 07:00:36 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.27 07:00:36 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.27 07:00:36 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.27 07:00:36 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.27 07:00:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.27 07:00:36 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.27 07:00:36 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.27 07:00:12 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013.02.26 21:04:08 | 000,000,000 | ---D | C] -- C:\Users\Matthias\MEDION NAS TOOL
[2013.02.26 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDION
[2013.02.26 21:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\MEDION
[2013.02.24 17:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.24 17:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.21 22:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.21 22:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.21 22:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.21 22:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.14 04:26:49 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.14 04:26:46 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.14 04:26:46 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.14 04:26:45 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.14 04:26:44 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.15 22:39:09 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 22:39:09 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 22:36:08 | 000,671,812 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.15 22:36:08 | 000,622,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.15 22:36:08 | 000,135,160 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.15 22:36:08 | 000,110,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.15 22:32:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.15 22:31:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.15 22:31:34 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.15 22:18:07 | 000,597,667 | ---- | M] () -- C:\Users\Matthias\Desktop\adwcleaner(1).exe
[2013.03.15 22:17:45 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Matthias\Desktop\JRT.exe
[2013.03.15 20:43:02 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.15 20:34:16 | 005,040,250 | R--- | M] (Swearware) -- C:\Users\Matthias\Desktop\ComboFix.exe
[2013.03.13 22:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.13 21:05:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Matthias\Desktop\aswMBR.exe
[2013.03.13 21:04:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matthias\Desktop\tdsskiller.exe
[2013.03.13 21:04:09 | 013,786,977 | ---- | M] () -- C:\Users\Matthias\Desktop\mbar-1.01.0.1021.zip
[2013.03.13 12:28:45 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 12:28:45 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.10 13:09:51 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable
[2013.03.10 10:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL(2).exe
[2013.03.10 08:27:07 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.10 08:27:07 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.10 08:27:07 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.10 08:27:06 | 000,113,024 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2013.03.10 08:27:06 | 000,092,448 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2013.03.10 08:27:06 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.09 15:00:17 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\Intel_C_CVPR134604BU120LGN.job
[2013.02.26 21:01:37 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\MEDION NAS TOOL.lnk
[2013.02.24 17:53:24 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.21 22:29:19 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.15 03:21:15 | 000,832,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.15 22:21:17 | 000,597,667 | ---- | C] () -- C:\Users\Matthias\Desktop\adwcleaner(1).exe
[2013.03.15 20:55:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.15 20:55:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.15 20:55:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.15 20:55:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.15 20:55:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.13 21:06:27 | 013,786,977 | ---- | C] () -- C:\Users\Matthias\Desktop\mbar-1.01.0.1021.zip
[2013.03.10 13:09:51 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable
[2013.02.26 21:01:37 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\MEDION NAS TOOL.lnk
[2013.02.21 22:29:19 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.21 21:33:16 | 000,001,077 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.10.11 02:19:19 | 000,832,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.02 13:32:30 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.01.02 13:32:30 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\DF38B70230.sys
[2012.01.02 13:04:04 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2012.01.02 10:07:33 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.01.02 10:07:33 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.01.02 10:07:33 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.01.02 10:07:33 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.01.02 10:07:33 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.01.02 10:07:33 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.01.02 10:07:33 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.01.02 10:07:33 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.01.02 10:07:33 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.01.02 10:07:33 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.01.02 10:07:33 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.01.02 10:07:33 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.01.02 10:07:33 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.01.02 10:07:33 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.01.02 10:07:33 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.01.02 10:07:33 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.01.02 10:07:33 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.01.02 10:07:33 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.01.02 10:07:33 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.12.30 17:53:36 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.12.30 17:53:36 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.12.30 17:51:56 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.12.30 16:45:38 | 000,001,285 | ---- | C] () -- C:\Users\Matthias\InterCon-NetTool.ini
[2011.12.18 21:36:35 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011.12.18 21:36:34 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2011.12.18 21:00:47 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 15.03.2013 22:36:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,21% Memory free
6,00 Gb Paging File | 4,98 Gb Available in Paging File | 83,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 63,43 Gb Free Space | 56,79% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 964,15 Gb Free Space | 51,75% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2136012392-1314403839-967441070-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012F5876-6340-4AF0-A960-65893CB7C697}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{11FD5DB3-9BAF-469B-A97E-A76AA7D7F27D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{145E8013-B05A-40B9-A683-51A090BCF556}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3B3D43F2-3A13-4CB0-ABC7-E551C2226AEC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{53169140-2AD5-4B6A-8F83-21606215591F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5A6C736D-D0B7-4392-AE03-693A8A6B7F0C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{61AC5E4A-F131-4927-84D5-F2E64B68BFF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70384BA5-5C52-48D7-AE92-DC5AEDBCA5B7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9BCC93A7-FB58-479E-B286-245BF650D3C9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A0942FE7-CA85-4D7F-BCA3-45187709DDA7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A283ECCB-7049-4504-813F-4054BAE6C46A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ABC5C753-256B-4579-B76B-701A51800F72}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BEB27A48-D661-4E8B-B41C-EA733E7BC329}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{D37235E0-9626-446C-9FDD-042CC6C1E53E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DD27A23B-8878-4A3F-B8E9-8FA358B742DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B822A4-6AD3-4F71-A500-008458A435AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0884757A-63B6-40E3-86D6-8477A1FFD087}" = protocol=17 | dir=in | app=c:\program files\seh computertechnik gmbh\seh utn manager\utnmanager.exe | 
"{0D819C40-E54F-497D-85D0-CD2B86554713}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{10A2FF7F-BE97-4FB6-87C8-D626FB1DE20E}" = protocol=6 | dir=in | app=c:\program files\seh computertechnik gmbh\seh utn manager\utnmanager.exe | 
"{13C0BFB5-BD33-479F-A3D6-4D2EFB4A69A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{15C5E4D2-2748-4E20-AA0C-A03C976B2F8F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{304404F7-54B5-40EB-B4D7-497497DBA205}" = protocol=6 | dir=in | app=c:\program files\seh computertechnik gmbh\seh utn manager\utnservice.exe | 
"{30DB9C28-EE89-414E-9F60-977509CCDF35}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{4828DEA3-9AC2-446D-A41A-5026114781E2}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{4A4BAC61-D6FC-4786-B269-EF08FB7642AD}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{57C21E1E-C3BB-46E4-82DB-7261F6C442C5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{5B62A447-1A6C-4117-BE2A-A6B4370D609B}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{62F40EB2-50E7-425D-9201-9083FB85C3D5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{72D947C5-1102-4F7E-A8EB-DAA7336D48B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{88178E6B-0C60-4E25-9D45-38B9CE19F29A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8A34A0CF-5B8C-4C8B-9E59-F52A63883EE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E3AEC75-9C56-41B3-951A-1E4519F1F8A4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8EC11F25-BAF0-4756-B169-E00C64F26D49}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{919C8484-5F47-4AC0-AAA1-30D744C31FC8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{A6DCCA19-B357-490D-A456-0FF6CAF7E18D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A9E2E53D-F30A-425D-BD58-D7BA0BFFDB6E}" = protocol=17 | dir=in | app=c:\program files\seh computertechnik gmbh\intercon-nettool\intercon-nettool.exe | 
"{ACB2FACC-0207-4E81-8EE7-9C08CE21E7EF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{BD816E3D-DE62-4B1B-BD8D-85A853E05241}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2E9550C-6F94-4076-BCB2-373A64CFA8E1}" = protocol=17 | dir=in | app=c:\program files\seh computertechnik gmbh\seh utn manager\utnservice.exe | 
"{C77850CD-F881-4951-A66C-98B773E3C2E5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D0BC8AFC-02D8-43DD-B028-3D9B92A6D100}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{E0D84C68-A643-4437-87F8-E0BF2939856F}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{F11711F0-1DD8-4A67-814C-2169EF81D1DA}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{FABC09A2-6ED7-44BD-9221-00C832104D0B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FE3D14EC-D2DE-449C-A31D-258483B82D79}" = protocol=6 | dir=in | app=c:\program files\seh computertechnik gmbh\intercon-nettool\intercon-nettool.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}" = Acronis*True*Image*Home 2012
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible" = Acronis*True*Image*Home 2012
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 3.92
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Kwik Themes 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1
"{8973631B-D3CE-4F74-8A72-F734D928B940}" = DVRManager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{975C8028-51D8-44A9-9585-82E9810FE96A}" = hp LaserJet 1000
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Kwik Themes 4
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8EFC6C1-DF0C-4F51-8779-EAC4CDB440A4}" = Plus Pack für Acronis True Image Home 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}" = DVR-Studio Pro 2
"{BD61F72D-2F1F-4BE1-9D41-3DF75B2CA59A}" = DVR-Compress
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C82C515A-CAE3-44B3-B5CC-81C5E4A92E8F}" = Nero Prerequisite Installer 1.0
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Kwik Themes 3
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Album Cover Finder_is1" = Album Cover Finder v.7.1.0
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Avira AntiVir Desktop" = Avira Internet Security
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.4
"dm-Fotowelt" = dm-Fotowelt
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Intel(R) Solid-State Drive Toolbox" = Intel(R) Solid-State Drive Toolbox
"InterCon-NetTool" = SEH InterCon-NetTool 1.8.43
"IrfanView" = IrfanView (remove only)
"Jasc Paint Shop Pro 8.10 Update Patch" = Jasc Paint Shop Pro 8.10 Update Patch
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"MEDION NAS TOOL" = MEDION NAS TOOL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SEH Print Monitor" = SEH Print Monitor 4.5.5
"SEH UTN Manager" = SEH UTN Manager 1.5.6
"Tag&Rename_is1" = Tag&Rename 3.6
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"X10Hardware" = X10 Hardware(TM)
"Xvid Video Codec 1.3.1" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2136012392-1314403839-967441070-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ TuneUp Events ]
Error - 09.02.2012 13:21:30 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 09.02.2012 13:21:30 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 14.02.2012 20:23:06 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 27.02.2012 22:48:07 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 28.02.2012 02:57:03 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 28.02.2012 02:57:29 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 28.02.2012 03:58:11 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 28.02.2012 03:59:01 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 07.07.2012 08:35:23 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 21.09.2012 21:15:55 | Computer Name = Matthias-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
THANKS!!

Old 15.03.2013, 23:49   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

GVU / Federal Police Trojan (Skype variant?); System Win7 32bit; infection time 09.03.13 23:05



Looks ok. We should be almost done. As a check, please run a Quickscan with Malwarebytes; please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting an additional opinion via the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

Old 16.03.2013, 21:34   #15
Ratte2000
 
GVU / Federal Police Trojan (Skype variant?); System Win7 32bit; infection time 09.03.13 23:05



It really looks good now; the logs are attached:

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthias :: MATTHIAS-PC [Administrator]

16.03.2013 09:44:00
mbam-log-2013-03-16 (09-44-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 280752
Laufzeit: 2 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d5ca41ea81766b43867b755d7882ecd1
# engine=13403
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-16 04:53:57
# local_time=2013-03-16 05:53:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 38864409 115084028 0 0
# scanned=610756
# found=0
# cleaned=0
# scan_time=14850
         
