| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Entfernung des Ukash Trojaners und DateiwiederherstellungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.06.2012, 17:23
| #1 |
 |  Entfernung des Ukash Trojaners und Dateiwiederherstellung Hallo ich habe seit kurzem einen Ukash Trojaner der Versoin 2.06. Ich habe bereits einige Schritte eingeleitet bevor ich auf dieses Forum gestoßen bin und bräuchte jetzt weitere Hilfe da ich befürchte das der Trojaner nicht ganz erledigt ist. Mein Virenprogramm Microsoft Security Essential hab im abgesicherten Modus mit Eingabe bereits die Ausführung des Trojaners nach einem vollständigen Scan unterbunden. So konnte ich meinen Rechner normal starten und theoretisch wieder mit ihm arbeiten. Nach einer Aktualisierung des Scanners und einem weiteren vollständigen Scan habe ich alle gefundenen Elemente gelöscht. Jetzt habe ich aus Angst das der Trojaner noch da ist die beschriebenen Schritte durchgeführt.. Im Anhang sind die entsprechenden Datein. Was soll ich jetzt tun????   LG Lisa |
|
18.06.2012, 11:46
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Entfernung des Ukash Trojaners und Dateiwiederherstellung Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
18.06.2012, 19:16
| #3 |
| | Entfernung des Ukash Trojaners und Dateiwiederherstellung Ok erstmal vielen Dank für die Antwort, habe alles so gamacht wie beschrieben hier die Logs. Hoffe es geht so manchmal bin ich leider etwas unbrauchbar daher kein Code-Tag. Ich habs als Anhang..
__________________ |
|
18.06.2012, 21:28
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Entfernung des Ukash Trojaners und DateiwiederherstellungCode:
ATTFilter C:\Users\Liz\AppData\Local\Temp\miaE282.tmp\data\OFFLINE\873987EB\53DCF9F9\registrybooster.exe
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen. Zerstörst Du die Registry, zerstörst Du Windows. Code:
ATTFilter C:\Bildbearbeitung\SoftonicDownloader_fuer_gimp.exe
 Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.06.2012, 17:33
| #5 |
| | Entfernung des Ukash Trojaners und Dateiwiederherstellung Also auf dem Desktop vermisse ich weder Ordner noch Anwendungen oder Ordnerinhalte. Ich kann den normalen Modus von Windows wieder benutzen. Soweit ich weiß funktionieren alle Anwendungen wobei ich bei meinem Bildbearbeitungsprogramm also Gimp (das ich mit Softonic runtergeladen habe) eine kleine Aufbauveränderung bemerkt habe (kein Fuktionsverlust sieht eher nach ner neueren Version aus). Aber alle Datein also Bilder, Dokumente und Musik in verschiedensten Ordner sind locked und somit nicht zu öffnen. Auch neu angelegte Dokumente beispielsweise werden sofort nach dem abspeichern locked. Noch kurz zum registry cleaner ich hab ehrlich gesagt keine Ahnung wo der herkommt. Wissentlich also mutwillig oder ähnliches hab ich den mir sicher nicht geholt. Hängt der bei irgendwas mir dran sodass er einfach mit gedownloaded wird bei einer Anwendung oder etc.?? |
|
19.06.2012, 22:50
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Entfernung des Ukash Trojaners und Dateiwiederherstellung Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Entfernung des Ukash Trojaners und Dateiwiederherstellung |
|
20.06.2012, 16:06
| #7 |
| | Entfernung des Ukash Trojaners und Dateiwiederherstellung Ok hier ist es: Code:
ATTFilter OTL logfile created on: 20.06.2012 16:22:39 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Liz\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 33,64% Memory free 7,73 Gb Paging File | 4,16 Gb Available in Paging File | 53,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,90 Gb Total Space | 84,87 Gb Free Space | 29,79% Space Free | Partition Type: NTFS Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS Drive E: | 99,34 Mb Total Space | 95,41 Mb Free Space | 96,05% Space Free | Partition Type: FAT32 Unable to calculate disk information. Computer Name: LIZ-PC | User Name: Liz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 17:20:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe PRC - [2012.05.04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.02.16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 20:36:25 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll MOD - [2012.06.14 20:35:57 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.14 20:35:46 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.06.14 20:35:15 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll MOD - [2012.05.18 12:52:59 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll MOD - [2012.05.09 16:50:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll MOD - [2012.05.09 16:50:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.09 16:50:04 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll MOD - [2012.05.09 16:49:29 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\5e398c245811fe932ce6bcf68664e307\UIAutomationTypes.ni.dll MOD - [2012.05.09 16:49:17 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012.05.09 16:49:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.09 16:49:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.09 16:49:07 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.09 16:49:01 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2011.09.18 13:19:32 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2010.01.24 12:30:39 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010.01.24 12:30:39 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2010.01.24 12:30:15 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.10.16 13:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2009.10.16 13:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2009.10.16 13:10:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2009.09.29 16:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2009.09.29 16:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll MOD - [2009.09.29 16:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2009.09.29 16:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2009.09.29 16:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2009.09.29 16:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2009.09.29 16:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2009.09.29 16:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll MOD - [2009.06.10 23:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.11.25 08:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.06.21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc) SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.11.25 08:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.19 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.11.03 20:59:04 | 000,299,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.10.24 03:53:00 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.10.05 10:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006&st=10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010006&st=10&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gerhart-hauptmann-gymnasium.de/ IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes,DefaultScope = {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms} IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4 IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=7a2ec57c00000000000078e400168768 IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms} IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms} IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms} IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms} IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{A4CB8335-3F4C-4B88-B419-C754B7E5D09D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=931b3d9c-75d5-440a-a6d3-6063ede3a1b7&apn_sauid=74633C05-283D-4941-9754-8972F9C550ED IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262 IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms} IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010006&st=10&q={searchTerms} IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Liz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.25 19:39:58 | 000,000,000 | ---D | M] [2012.05.29 16:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:64bit: - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000..\Run: [ICQ] ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 File not found O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O8 - Extra context menu item: Free YouTube Download - C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA24F72-EB71-4CC1-912A-E01DF83FDE24}: DhcpNameServer = 40.8.1.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE7AC60A-6F36-452C-83E6-B7276A634670}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{34A028E3-EB05-4902-83B8-5AAE0C5EDB32} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.iv31 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.yvu9 - C:\Windows\SysWow64\Iyvu9_32.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.18 18:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.18 14:48:13 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\Malwarebytes [2012.06.18 14:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.18 14:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.18 14:47:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.18 14:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.14 18:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.06.14 18:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.06.14 17:40:15 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\www.shadowexplorer.com [2012.06.14 17:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer [2012.06.14 17:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer [2012.06.14 17:37:27 | 000,937,024 | ---- | C] (ShadowExplorer.com ) -- C:\Users\Liz\Desktop\ShadowExplorer-0.8-setup.exe [2012.06.14 17:20:04 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe [2012.05.29 18:50:48 | 000,000,000 | ---D | C] -- C:\Users\Liz\Desktop\Hausarbeit GEO [2012.05.29 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Local\Sony [2012.05.29 16:35:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic [2012.05.29 16:34:18 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll [2012.05.29 16:33:00 | 001,671,128 | ---- | C] (Softonic) -- C:\Users\Liz\Desktop\Softonic_ggl_1.5.21.0.exe [2012.05.29 16:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.05.29 16:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony [2012.05.29 16:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony [2012.05.29 16:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2012.05.29 16:31:24 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Local\APN [2012.05.29 16:27:40 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\Sony [2012.05.28 18:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012.05.28 18:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.20 16:25:42 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.20 16:25:42 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.20 16:18:38 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.20 16:18:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.20 16:18:18 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys [2012.06.19 19:35:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.18 18:09:04 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLiz.job [2012.06.18 14:48:01 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.18 14:13:23 | 000,000,147 | ---- | M] () -- C:\Windows\system32err.xml [2012.06.14 20:34:15 | 000,394,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.14 18:21:48 | 000,015,363 | ---- | M] () -- C:\Users\Liz\Desktop\Extras.rar [2012.06.14 18:06:22 | 001,110,476 | ---- | M] () -- C:\Users\Liz\Desktop\7z920.exe [2012.06.14 17:39:58 | 000,001,845 | ---- | M] () -- C:\Users\Liz\Desktop\ShadowExplorer.lnk [2012.06.14 17:37:27 | 000,937,024 | ---- | M] (ShadowExplorer.com ) -- C:\Users\Liz\Desktop\ShadowExplorer-0.8-setup.exe [2012.06.14 17:20:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe [2012.06.14 17:19:37 | 000,000,000 | ---- | M] () -- C:\Users\Liz\defogger_reenable [2012.06.14 09:55:49 | 001,478,530 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 09:55:49 | 000,645,966 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.14 09:55:49 | 000,609,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.14 09:55:49 | 000,127,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.14 09:55:49 | 000,104,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.07 15:18:22 | 000,000,680 | ---- | M] () -- C:\Users\Liz\locked-ntuser.pol.bzis [2012.06.07 15:17:37 | 000,010,240 | ---- | M] () -- C:\Users\Liz\Documents\locked-Öffnungszeiten Bahnhof WR.wps.pnsc [2012.06.07 15:17:33 | 000,025,770 | ---- | M] () -- C:\Users\Liz\Documents\locked-Weil ich das Herz dazu habe!.odt.lbhr [2012.06.07 15:17:33 | 000,002,676 | ---- | M] () -- C:\Users\Liz\Documents\locked-Vegas Pro registrieren.htm.bzbz [2012.06.07 15:17:32 | 000,027,136 | ---- | M] () -- C:\Users\Liz\Documents\locked-Turba Insula-Primo Aduento Menses.wps.xxon [2012.06.07 15:17:30 | 000,673,280 | ---- | M] () -- C:\Users\Liz\Documents\locked-sbk-we in werni.wps.irbi [2012.06.07 15:17:30 | 000,194,540 | ---- | M] () -- C:\Users\Liz\Documents\locked-Schueler-Test-Ergebnis_Hofmann.pdf.xjox [2012.06.07 15:17:28 | 000,016,896 | ---- | M] () -- C:\Users\Liz\Documents\locked-Praktikumsbericht.wps.zzhz [2012.06.07 15:17:20 | 000,175,599 | ---- | M] () -- C:\Users\Liz\Documents\locked-Muttizettel.pdf.tqxq [2012.06.07 15:17:20 | 000,002,301 | ---- | M] () -- C:\Users\Liz\Documents\locked-Neue Datenbank.odb.lrhr [2012.06.07 15:16:17 | 000,040,448 | ---- | M] () -- C:\Users\Liz\Documents\locked-Mein Leben mit dem Herr.wps.qonj [2012.06.07 15:16:16 | 000,020,489 | ---- | M] () -- C:\Users\Liz\Documents\locked-hörspiel.odt.qnnf [2012.06.07 15:16:16 | 000,009,728 | ---- | M] () -- C:\Users\Liz\Documents\locked-Gedicht.wps.aeaa [2012.06.07 15:15:44 | 000,013,312 | ---- | M] () -- C:\Users\Liz\Documents\locked-Bewerbung.wps.nrss [2012.06.07 15:15:44 | 000,012,288 | ---- | M] () -- C:\Users\Liz\Documents\locked-Christologie.wps.libi [2012.06.07 15:15:42 | 001,671,128 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Softonic_ggl_1.5.21.0.exe.eglu [2012.06.07 15:15:42 | 000,033,551 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Rinces Gewichtstabelle Damen.ods.apal [2012.06.07 15:15:42 | 000,013,596 | ---- | M] () -- C:\Users\Liz\Desktop\locked-reisevollmacht_deutsch.pdf.puar [2012.06.07 15:15:42 | 000,010,752 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Reisevollmacht.wps.kkyp [2012.06.07 15:15:42 | 000,000,195 | ---- | M] () -- C:\Users\Liz\Desktop\locked-SweetPcFix.url.znhb [2012.06.07 15:15:41 | 665,127,020 | ---- | M] () -- C:\Users\Liz\Desktop\locked-P1280038.AVI.dofq [2012.06.07 15:15:41 | 1179,021,868 | ---- | M] () -- C:\Users\Liz\Desktop\locked-P5280045.AVI.ggru [2012.06.07 15:15:41 | 000,011,497 | ---- | M] () -- C:\Users\Liz\Desktop\locked-reisevollmacht TAB.odt.ulvr [2012.06.07 15:15:34 | 003,894,873 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Deutsch Romantik.odp.shli [2012.06.07 15:15:34 | 002,682,410 | ---- | M] () -- C:\Users\Liz\locked-Derenburg neu Dari.jpg.tojf [2012.06.07 15:15:34 | 000,010,267 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Abnehmen.ods.wfwe [2012.06.07 15:15:02 | 000,001,854 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\locked-GhostObjGAFix.xml.lblr [2012.06.07 15:12:50 | 000,072,185 | ---- | M] () -- C:\Users\Liz\locked-.recently-used.xbel.vgpe [2012.05.29 16:35:37 | 000,000,111 | ---- | M] () -- C:\user.js [2012.05.29 16:34:18 | 000,001,199 | ---- | M] () -- C:\Users\Liz\Desktop\DVDVideoSoft Free Studio.lnk [2012.05.29 16:34:18 | 000,001,188 | ---- | M] () -- C:\Users\Liz\Desktop\Free Video Dub.lnk [2012.05.29 16:33:31 | 001,671,128 | ---- | M] (Softonic) -- C:\Users\Liz\Desktop\Softonic_ggl_1.5.21.0.exe [2012.05.29 11:45:17 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLIZ-PC$.job [2012.05.27 15:45:07 | 000,011,788 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\wklnhst.dat [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.18 14:48:01 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 18:21:45 | 000,015,363 | ---- | C] () -- C:\Users\Liz\Desktop\Extras.rar [2012.06.14 18:06:21 | 001,110,476 | ---- | C] () -- C:\Users\Liz\Desktop\7z920.exe [2012.06.14 17:39:58 | 000,001,845 | ---- | C] () -- C:\Users\Liz\Desktop\ShadowExplorer.lnk [2012.06.14 17:19:37 | 000,000,000 | ---- | C] () -- C:\Users\Liz\defogger_reenable [2012.06.04 18:13:30 | 000,072,185 | ---- | C] () -- C:\Users\Liz\locked-.recently-used.xbel.vgpe [2012.06.03 17:35:38 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForLiz.job [2012.06.02 15:04:01 | 000,002,301 | ---- | C] () -- C:\Users\Liz\Documents\locked-Neue Datenbank.odb.lrhr [2012.05.29 16:59:50 | 000,002,676 | ---- | C] () -- C:\Users\Liz\Documents\locked-Vegas Pro registrieren.htm.bzbz [2012.05.29 16:35:37 | 000,000,111 | ---- | C] () -- C:\user.js [2012.05.29 16:34:18 | 000,001,199 | ---- | C] () -- C:\Users\Liz\Desktop\DVDVideoSoft Free Studio.lnk [2012.05.29 16:34:18 | 000,001,188 | ---- | C] () -- C:\Users\Liz\Desktop\Free Video Dub.lnk [2012.05.29 16:33:00 | 001,671,128 | ---- | C] () -- C:\Users\Liz\Desktop\locked-Softonic_ggl_1.5.21.0.exe.eglu [2012.05.28 18:44:01 | 000,000,195 | ---- | C] () -- C:\Users\Liz\Desktop\locked-SweetPcFix.url.znhb [2012.05.28 12:40:16 | 1179,021,868 | ---- | C] () -- C:\Users\Liz\Desktop\locked-P5280045.AVI.ggru [2011.07.19 18:08:50 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.02.27 16:47:29 | 000,001,854 | ---- | C] () -- C:\Users\Liz\AppData\Roaming\locked-GhostObjGAFix.xml.lblr [2011.01.26 16:12:54 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.10 11:52:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll [2010.09.06 21:53:46 | 000,005,120 | ---- | C] () -- C:\Users\Liz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.04 11:48:12 | 000,216,695 | ---- | C] () -- C:\Users\Liz\AppData\Roaming\mdbu.bin [2010.06.28 17:37:35 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat ========== LOP Check ========== [2012.06.11 20:17:48 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\.minecraft [2012.06.07 15:14:57 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Babylon [2011.06.25 12:43:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.05.29 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DVDVideoSoft [2012.06.07 15:15:02 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.19 18:28:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\gtk-2.0 [2012.06.07 15:15:10 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ICQ [2010.06.20 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\newfolder3 [2010.09.21 21:24:26 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\OpenOffice.org [2012.06.07 15:15:33 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Sony [2010.05.15 12:24:20 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Template [2011.10.21 00:03:36 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\wargaming.net [2012.06.14 17:40:15 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\www.shadowexplorer.com [2012.04.15 20:00:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.06.11 20:17:48 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\.minecraft [2011.06.25 12:42:25 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Adobe [2012.01.13 21:24:25 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Apple Computer [2010.05.14 18:00:36 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ATI [2012.06.07 15:14:57 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Babylon [2011.06.25 12:43:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.02.20 15:27:31 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\CyberLink [2010.08.22 16:35:33 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DivX [2012.05.29 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DVDVideoSoft [2012.06.07 15:15:02 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.14 15:53:37 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Google [2012.06.19 18:28:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\gtk-2.0 [2011.05.08 11:28:04 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Hewlett-Packard [2012.06.07 15:15:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\HP Support Assistant [2012.06.11 20:36:22 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\hpqLog [2012.06.07 15:15:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\HpUpdate [2012.06.07 15:15:10 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ICQ [2010.05.14 17:59:17 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Identities [2010.05.18 17:17:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Macromedia [2012.06.18 14:48:13 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Malwarebytes [2010.02.11 11:07:50 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Media Center Programs [2012.01.09 21:57:17 | 000,000,000 | --SD | M] -- C:\Users\Liz\AppData\Roaming\Microsoft [2012.06.11 20:17:49 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Mozilla [2012.06.11 20:17:49 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\NCH Software [2010.06.20 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\newfolder3 [2010.09.21 21:24:26 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\OpenOffice.org [2012.06.11 20:20:26 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Skype [2012.06.07 15:15:33 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Sony [2010.05.15 12:24:20 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Template [2012.06.05 21:08:50 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\vlc [2011.10.21 00:03:36 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\wargaming.net [2011.03.10 14:42:39 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\WinRAR [2012.06.14 17:40:15 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\www.shadowexplorer.com < %APPDATA%\*.exe /s > [2011.06.25 12:42:23 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Liz\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2007.11.27 08:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2009.10.13 12:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > |
|
20.06.2012, 22:07
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Entfernung des Ukash Trojaners und Dateiwiederherstellung Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010006&st=10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&st=10&q={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gerhart-hauptmann-gymnasium.de/
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes,DefaultScope = {6B1D1FB7-7233-4F7C-802C-21A1DDB12754}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = http://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=7a2ec57c00000000000078e400168768
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = http://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = http://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = http://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = http://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{A4CB8335-3F4C-4B88-B419-C754B7E5D09D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=931b3d9c-75d5-440a-a6d3-6063ede3a1b7&apn_sauid=74633C05-283D-4941-9754-8972F9C550ED
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = http://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&st=10&q={searchTerms}
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl
CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv
CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl
CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA24F72-EB71-4CC1-912A-E01DF83FDE24}: DhcpNameServer = 40.8.1.100
:Files
C:\Program Files (x86)\Softonic
C:\Program Files (x86)\SweetIM
C:\Program Files (x86)\Ask.com
C:\ProgramData\SweetIM
C:\Windows\system32err.xml
C:\user.js
C:\Users\Liz\AppData\Roaming\Babylon
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.06.2012, 18:56
| #9 |
| | Entfernung des Ukash Trojaners und Dateiwiederherstellung Hier ist die Datei: Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09038620-190C-402B-A92F-18864E6AB22F}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40064957-18EB-412d-9146-3F57E8D92EEC}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D27B32E-89EE-460e-82D2-5FC354078EAD}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A4CB8335-3F4C-4B88-B419-C754B7E5D09D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4CB8335-3F4C-4B88-B419-C754B7E5D09D}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}\ not found.
Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml moved successfully.
File C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl not found.
File C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv not found.
File C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl not found.
File C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32b29df0-2237-4370-9a29-37cebb730e9b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ deleted successfully.
C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32B29DF0-2237-4370-9A29-37CEBB730E9B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B}\ not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8DA24F72-EB71-4CC1-912A-E01DF83FDE24}\\DhcpNameServer| /E : value set successfully!
========== FILES ==========
C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh folder moved successfully.
C:\Program Files (x86)\Softonic\Softonic\1.5.21.0 folder moved successfully.
C:\Program Files (x86)\Softonic\Softonic folder moved successfully.
C:\Program Files (x86)\Softonic folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources\images folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator folder moved successfully.
C:\Program Files (x86)\SweetIM folder moved successfully.
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
C:\ProgramData\SweetIM\Messenger\update folder moved successfully.
C:\ProgramData\SweetIM\Messenger\logs folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\packages\FailDialog folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\packages folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\contentdb folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars\Default\400 folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars\Default\200 folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars\Default\100 folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars\Default folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data folder moved successfully.
C:\ProgramData\SweetIM\Messenger\conf\users folder moved successfully.
C:\ProgramData\SweetIM\Messenger\conf folder moved successfully.
C:\ProgramData\SweetIM\Messenger folder moved successfully.
C:\ProgramData\SweetIM\Communicator\Logs folder moved successfully.
C:\ProgramData\SweetIM\Communicator\conf folder moved successfully.
C:\ProgramData\SweetIM\Communicator folder moved successfully.
C:\ProgramData\SweetIM folder moved successfully.
C:\Windows\system32err.xml moved successfully.
C:\user.js moved successfully.
C:\Users\Liz\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Franz
User: Liz
->Temp folder emptied: 614877201 bytes
->Temporary Internet Files folder emptied: 4463834988 bytes
->Java cache emptied: 18727 bytes
->Google Chrome cache emptied: 6679271 bytes
->Flash cache emptied: 81493 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 106859823 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 98506496 bytes
Total Files Cleaned = 5.046,00 mb
[EMPTYFLASH]
User: All Users
User: AppData
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Franz
User: Liz
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.48.0 log created on 06222012_194655
Files\Folders moved on Reboot...
C:\Users\Liz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\MpCmdRun.log moved successfully.
Registry entries deleted on Reboot...
Hat soweit alles gut funktioniert. Wie gehts weiter? Kann ich auch in den anderen Sachen Malware und Eset die infizierten Datein jetzt löschen? LG LisaMarie |
|
24.06.2012, 15:48
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Entfernung des Ukash Trojaners und Dateiwiederherstellung Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.06.2012, 17:40
| #11 |
| | Entfernung des Ukash Trojaners und Dateiwiederherstellung Hier das Log: Code:
ATTFilter 18:33:13.0650 6064 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
18:33:13.0884 6064 ============================================================
18:33:13.0884 6064 Current date / time: 2012/06/24 18:33:13.0884
18:33:13.0884 6064 SystemInfo:
18:33:13.0884 6064
18:33:13.0884 6064 OS Version: 6.1.7600 ServicePack: 0.0
18:33:13.0884 6064 Product type: Workstation
18:33:13.0884 6064 ComputerName: LIZ-PC
18:33:13.0884 6064 UserName: Liz
18:33:13.0884 6064 Windows directory: C:\Windows
18:33:13.0884 6064 System windows directory: C:\Windows
18:33:13.0884 6064 Running under WOW64
18:33:13.0884 6064 Processor architecture: Intel x64
18:33:13.0884 6064 Number of processors: 4
18:33:13.0884 6064 Page size: 0x1000
18:33:13.0884 6064 Boot type: Normal boot
18:33:13.0884 6064 ============================================================
18:33:14.0305 6064 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:33:14.0305 6064 ============================================================
18:33:14.0305 6064 \Device\Harddisk0\DR0:
18:33:14.0305 6064 MBR partitions:
18:33:14.0305 6064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:33:14.0305 6064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x239CC000
18:33:14.0305 6064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23A30000, BlocksNum 0x19CA800
18:33:14.0305 6064 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
18:33:14.0305 6064 ============================================================
18:33:14.0321 6064 C: <-> \Device\Harddisk0\DR0\Partition1
18:33:14.0367 6064 D: <-> \Device\Harddisk0\DR0\Partition2
18:33:14.0383 6064 E: <-> \Device\Harddisk0\DR0\Partition3
18:33:14.0383 6064 ============================================================
18:33:14.0383 6064 Initialize success
18:33:14.0383 6064 ============================================================
18:33:27.0643 5396 ============================================================
18:33:27.0643 5396 Scan started
18:33:27.0643 5396 Mode: Manual; SigCheck; TDLFS;
18:33:27.0643 5396 ============================================================
18:33:28.0220 5396 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:33:28.0361 5396 1394ohci - ok
18:33:28.0439 5396 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:33:28.0470 5396 ACPI - ok
18:33:28.0517 5396 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:33:28.0610 5396 AcpiPmi - ok
18:33:28.0719 5396 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:33:28.0735 5396 AdobeARMservice - ok
18:33:28.0844 5396 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:33:28.0891 5396 adp94xx - ok
18:33:28.0969 5396 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:33:29.0016 5396 adpahci - ok
18:33:29.0047 5396 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:33:29.0094 5396 adpu320 - ok
18:33:29.0125 5396 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:33:29.0297 5396 AeLookupSvc - ok
18:33:29.0375 5396 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:33:29.0406 5396 AERTFilters - ok
18:33:29.0499 5396 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:33:29.0577 5396 AFD - ok
18:33:29.0718 5396 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
18:33:29.0827 5396 AgereSoftModem - ok
18:33:29.0889 5396 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:33:29.0905 5396 agp440 - ok
18:33:29.0952 5396 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:33:30.0045 5396 ALG - ok
18:33:30.0108 5396 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:33:30.0123 5396 aliide - ok
18:33:30.0201 5396 AMD External Events Utility (1d317ea326423ff7630cf1da3bd46a1c) C:\Windows\system32\atiesrxx.exe
18:33:30.0295 5396 AMD External Events Utility - ok
18:33:30.0311 5396 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:33:30.0326 5396 amdide - ok
18:33:30.0404 5396 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:33:30.0467 5396 AmdK8 - ok
18:33:30.0498 5396 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:33:30.0545 5396 AmdPPM - ok
18:33:30.0591 5396 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
18:33:30.0623 5396 amdsata - ok
18:33:30.0685 5396 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:33:30.0716 5396 amdsbs - ok
18:33:30.0732 5396 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
18:33:30.0747 5396 amdxata - ok
18:33:30.0810 5396 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:33:30.0919 5396 AppID - ok
18:33:30.0935 5396 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:33:30.0997 5396 AppIDSvc - ok
18:33:31.0044 5396 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:33:31.0091 5396 Appinfo - ok
18:33:31.0137 5396 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:33:31.0169 5396 arc - ok
18:33:31.0184 5396 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:33:31.0215 5396 arcsas - ok
18:33:31.0262 5396 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:33:31.0325 5396 AsyncMac - ok
18:33:31.0371 5396 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:33:31.0387 5396 atapi - ok
18:33:31.0543 5396 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
18:33:31.0652 5396 athr - ok
18:33:31.0824 5396 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
18:33:31.0871 5396 AtiHdmiService - ok
18:33:32.0339 5396 atikmdag (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys
18:33:32.0479 5396 atikmdag - ok
18:33:32.0651 5396 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:33:32.0791 5396 AudioEndpointBuilder - ok
18:33:32.0807 5396 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:33:32.0853 5396 AudioSrv - ok
18:33:32.0885 5396 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:33:32.0994 5396 AxInstSV - ok
18:33:33.0087 5396 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:33:33.0150 5396 b06bdrv - ok
18:33:33.0228 5396 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:33:33.0275 5396 b57nd60a - ok
18:33:33.0306 5396 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:33:33.0368 5396 BDESVC - ok
18:33:33.0368 5396 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:33:33.0446 5396 Beep - ok
18:33:33.0540 5396 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:33:33.0618 5396 BFE - ok
18:33:33.0696 5396 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
18:33:33.0774 5396 BITS - ok
18:33:33.0852 5396 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:33:33.0883 5396 blbdrive - ok
18:33:33.0930 5396 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:33:34.0008 5396 bowser - ok
18:33:34.0055 5396 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:33:34.0086 5396 BrFiltLo - ok
18:33:34.0101 5396 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:33:34.0117 5396 BrFiltUp - ok
18:33:34.0164 5396 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
18:33:34.0257 5396 Browser - ok
18:33:34.0304 5396 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:33:34.0335 5396 Brserid - ok
18:33:34.0367 5396 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:33:34.0413 5396 BrSerWdm - ok
18:33:34.0429 5396 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:33:34.0476 5396 BrUsbMdm - ok
18:33:34.0491 5396 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:33:34.0538 5396 BrUsbSer - ok
18:33:34.0569 5396 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:33:34.0616 5396 BTHMODEM - ok
18:33:34.0647 5396 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:33:34.0725 5396 bthserv - ok
18:33:34.0772 5396 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:33:34.0866 5396 cdfs - ok
18:33:34.0913 5396 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:33:34.0959 5396 cdrom - ok
18:33:35.0006 5396 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:33:35.0069 5396 CertPropSvc - ok
18:33:35.0115 5396 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:33:35.0162 5396 circlass - ok
18:33:35.0225 5396 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:33:35.0256 5396 CLFS - ok
18:33:35.0318 5396 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:33:35.0334 5396 clr_optimization_v2.0.50727_32 - ok
18:33:35.0381 5396 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:33:35.0396 5396 clr_optimization_v2.0.50727_64 - ok
18:33:35.0459 5396 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:33:35.0474 5396 CmBatt - ok
18:33:35.0490 5396 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:33:35.0505 5396 cmdide - ok
18:33:35.0568 5396 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
18:33:35.0646 5396 CNG - ok
18:33:35.0771 5396 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
18:33:35.0786 5396 Com4QLBEx - ok
18:33:35.0833 5396 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:33:35.0849 5396 Compbatt - ok
18:33:35.0911 5396 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:33:35.0958 5396 CompositeBus - ok
18:33:35.0973 5396 COMSysApp - ok
18:33:35.0989 5396 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:33:36.0005 5396 crcdisk - ok
18:33:36.0067 5396 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
18:33:36.0161 5396 CryptSvc - ok
18:33:36.0223 5396 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:33:36.0317 5396 DcomLaunch - ok
18:33:36.0379 5396 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:33:36.0457 5396 defragsvc - ok
18:33:36.0519 5396 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:33:36.0551 5396 DfsC - ok
18:33:36.0613 5396 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
18:33:36.0707 5396 Dhcp - ok
18:33:36.0738 5396 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:33:36.0800 5396 discache - ok
18:33:36.0847 5396 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:33:36.0878 5396 Disk - ok
18:33:36.0925 5396 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
18:33:36.0972 5396 Dnscache - ok
18:33:37.0003 5396 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
18:33:37.0097 5396 dot3svc - ok
18:33:37.0128 5396 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
18:33:37.0190 5396 DPS - ok
18:33:37.0221 5396 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:33:37.0253 5396 drmkaud - ok
18:33:37.0346 5396 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:33:37.0393 5396 DXGKrnl - ok
18:33:37.0455 5396 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:33:37.0549 5396 EapHost - ok
18:33:37.0799 5396 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:33:37.0892 5396 ebdrv - ok
18:33:38.0017 5396 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
18:33:38.0064 5396 EFS - ok
18:33:38.0189 5396 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
18:33:38.0267 5396 ehRecvr - ok
18:33:38.0313 5396 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:33:38.0376 5396 ehSched - ok
18:33:38.0485 5396 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:33:38.0516 5396 elxstor - ok
18:33:38.0532 5396 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:33:38.0563 5396 ErrDev - ok
18:33:38.0641 5396 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:33:38.0735 5396 EventSystem - ok
18:33:38.0797 5396 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:33:38.0891 5396 exfat - ok
18:33:38.0922 5396 ezSharedSvc - ok
18:33:38.0953 5396 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:33:39.0047 5396 fastfat - ok
18:33:39.0125 5396 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:33:39.0187 5396 Fax - ok
18:33:39.0234 5396 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:33:39.0281 5396 fdc - ok
18:33:39.0296 5396 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:33:39.0359 5396 fdPHost - ok
18:33:39.0390 5396 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:33:39.0437 5396 FDResPub - ok
18:33:39.0468 5396 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:33:39.0483 5396 FileInfo - ok
18:33:39.0499 5396 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:33:39.0546 5396 Filetrace - ok
18:33:39.0577 5396 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:33:39.0608 5396 flpydisk - ok
18:33:39.0624 5396 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:33:39.0639 5396 FltMgr - ok
18:33:39.0764 5396 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
18:33:39.0858 5396 FontCache - ok
18:33:39.0889 5396 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:33:39.0920 5396 FontCache3.0.0.0 - ok
18:33:39.0936 5396 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:33:39.0951 5396 FsDepends - ok
18:33:39.0983 5396 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
18:33:39.0998 5396 Fs_Rec - ok
18:33:40.0061 5396 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
18:33:40.0092 5396 fvevol - ok
18:33:40.0139 5396 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:33:40.0154 5396 gagp30kx - ok
18:33:40.0248 5396 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:33:40.0326 5396 gpsvc - ok
18:33:40.0419 5396 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:33:40.0451 5396 gupdate - ok
18:33:40.0482 5396 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:33:40.0482 5396 gupdatem - ok
18:33:40.0513 5396 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:33:40.0529 5396 gusvc - ok
18:33:40.0591 5396 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:33:40.0653 5396 hcw85cir - ok
18:33:40.0716 5396 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:33:40.0778 5396 HdAudAddService - ok
18:33:40.0825 5396 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:33:40.0872 5396 HDAudBus - ok
18:33:40.0887 5396 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
18:33:40.0903 5396 HECIx64 - ok
18:33:40.0919 5396 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:33:40.0950 5396 HidBatt - ok
18:33:40.0981 5396 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:33:41.0028 5396 HidBth - ok
18:33:41.0059 5396 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:33:41.0106 5396 HidIr - ok
18:33:41.0137 5396 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:33:41.0231 5396 hidserv - ok
18:33:41.0246 5396 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:33:41.0262 5396 HidUsb - ok
18:33:41.0277 5396 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:33:41.0371 5396 hkmsvc - ok
18:33:41.0402 5396 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:33:41.0465 5396 HomeGroupListener - ok
18:33:41.0511 5396 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:33:41.0543 5396 HomeGroupProvider - ok
18:33:41.0667 5396 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
18:33:41.0683 5396 HP Support Assistant Service - ok
18:33:41.0745 5396 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
18:33:41.0777 5396 HPDrvMntSvc.exe - ok
18:33:41.0823 5396 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:33:41.0870 5396 HpqKbFiltr - ok
18:33:41.0979 5396 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
18:33:42.0026 5396 hpqwmiex - ok
18:33:42.0073 5396 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:33:42.0104 5396 HpSAMD - ok
18:33:42.0213 5396 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:33:42.0291 5396 HTTP - ok
18:33:42.0323 5396 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:33:42.0323 5396 hwpolicy - ok
18:33:42.0369 5396 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:33:42.0385 5396 i8042prt - ok
18:33:42.0432 5396 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
18:33:42.0447 5396 iaStor - ok
18:33:42.0510 5396 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
18:33:42.0541 5396 iaStorV - ok
18:33:42.0650 5396 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:33:42.0697 5396 idsvc - ok
18:33:43.0134 5396 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:33:43.0274 5396 igfx - ok
18:33:43.0383 5396 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:33:43.0399 5396 iirsp - ok
18:33:43.0493 5396 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:33:43.0586 5396 IKEEXT - ok
18:33:43.0805 5396 IntcAzAudAddService (181e4ff75674a7105ecd0a02c35ef43a) C:\Windows\system32\drivers\RTKVHD64.sys
18:33:43.0883 5396 IntcAzAudAddService - ok
18:33:43.0992 5396 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:33:44.0007 5396 intelide - ok
18:33:44.0070 5396 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:33:44.0101 5396 intelppm - ok
18:33:44.0132 5396 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:33:44.0210 5396 IPBusEnum - ok
18:33:44.0257 5396 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:33:44.0319 5396 IpFilterDriver - ok
18:33:44.0397 5396 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
18:33:44.0491 5396 iphlpsvc - ok
18:33:44.0507 5396 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:33:44.0538 5396 IPMIDRV - ok
18:33:44.0553 5396 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:33:44.0616 5396 IPNAT - ok
18:33:44.0647 5396 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:33:44.0663 5396 IRENUM - ok
18:33:44.0694 5396 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:33:44.0709 5396 isapnp - ok
18:33:44.0741 5396 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:33:44.0787 5396 iScsiPrt - ok
18:33:44.0803 5396 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:33:44.0819 5396 kbdclass - ok
18:33:44.0865 5396 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:33:44.0912 5396 kbdhid - ok
18:33:44.0943 5396 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:33:44.0959 5396 KeyIso - ok
18:33:44.0975 5396 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
18:33:45.0006 5396 KSecDD - ok
18:33:45.0037 5396 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
18:33:45.0053 5396 KSecPkg - ok
18:33:45.0068 5396 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:33:45.0146 5396 ksthunk - ok
18:33:45.0193 5396 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:33:45.0271 5396 KtmRm - ok
18:33:45.0318 5396 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
18:33:45.0396 5396 LanmanServer - ok
18:33:45.0427 5396 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
18:33:45.0489 5396 LanmanWorkstation - ok
18:33:45.0583 5396 LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:33:45.0599 5396 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:33:45.0599 5396 LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:33:45.0630 5396 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:33:45.0692 5396 lltdio - ok
18:33:45.0739 5396 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:33:45.0801 5396 lltdsvc - ok
18:33:45.0848 5396 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:33:45.0879 5396 lmhosts - ok
18:33:45.0973 5396 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:33:46.0004 5396 LMS - ok
18:33:46.0067 5396 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:33:46.0098 5396 LSI_FC - ok
18:33:46.0129 5396 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:33:46.0160 5396 LSI_SAS - ok
18:33:46.0191 5396 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:33:46.0223 5396 LSI_SAS2 - ok
18:33:46.0285 5396 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:33:46.0316 5396 LSI_SCSI - ok
18:33:46.0363 5396 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:33:46.0441 5396 luafv - ok
18:33:46.0472 5396 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
18:33:46.0519 5396 Mcx2Svc - ok
18:33:46.0550 5396 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:33:46.0566 5396 megasas - ok
18:33:46.0597 5396 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:33:46.0628 5396 MegaSR - ok
18:33:46.0675 5396 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:33:46.0753 5396 MMCSS - ok
18:33:46.0784 5396 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:33:46.0847 5396 Modem - ok
18:33:46.0878 5396 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:33:46.0925 5396 monitor - ok
18:33:46.0971 5396 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:33:47.0003 5396 mouclass - ok
18:33:47.0049 5396 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:33:47.0081 5396 mouhid - ok
18:33:47.0112 5396 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:33:47.0127 5396 mountmgr - ok
18:33:47.0190 5396 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
18:33:47.0237 5396 MpFilter - ok
18:33:47.0268 5396 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:33:47.0283 5396 mpio - ok
18:33:47.0299 5396 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:33:47.0346 5396 mpsdrv - ok
18:33:47.0424 5396 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:33:47.0517 5396 MpsSvc - ok
18:33:47.0533 5396 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:33:47.0580 5396 MRxDAV - ok
18:33:47.0611 5396 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:33:47.0642 5396 mrxsmb - ok
18:33:47.0689 5396 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:33:47.0705 5396 mrxsmb10 - ok
18:33:47.0736 5396 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:33:47.0767 5396 mrxsmb20 - ok
18:33:47.0798 5396 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:33:47.0814 5396 msahci - ok
18:33:47.0845 5396 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:33:47.0861 5396 msdsm - ok
18:33:47.0892 5396 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:33:47.0939 5396 MSDTC - ok
18:33:47.0970 5396 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:33:48.0017 5396 Msfs - ok
18:33:48.0048 5396 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:33:48.0095 5396 mshidkmdf - ok
18:33:48.0126 5396 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:33:48.0126 5396 msisadrv - ok
18:33:48.0173 5396 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:33:48.0266 5396 MSiSCSI - ok
18:33:48.0266 5396 msiserver - ok
18:33:48.0297 5396 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:33:48.0344 5396 MSKSSRV - ok
18:33:48.0469 5396 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:33:48.0500 5396 MsMpSvc - ok
18:33:48.0516 5396 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:33:48.0578 5396 MSPCLOCK - ok
18:33:48.0594 5396 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:33:48.0656 5396 MSPQM - ok
18:33:48.0672 5396 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:33:48.0687 5396 MsRPC - ok
18:33:48.0719 5396 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:33:48.0734 5396 mssmbios - ok
18:33:48.0734 5396 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:33:48.0797 5396 MSTEE - ok
18:33:48.0828 5396 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:33:48.0859 5396 MTConfig - ok
18:33:48.0875 5396 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:33:48.0875 5396 Mup - ok
18:33:48.0937 5396 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
18:33:49.0031 5396 napagent - ok
18:33:49.0093 5396 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:33:49.0155 5396 NativeWifiP - ok
18:33:49.0249 5396 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:33:49.0296 5396 NDIS - ok
18:33:49.0343 5396 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:33:49.0405 5396 NdisCap - ok
18:33:49.0421 5396 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:33:49.0467 5396 NdisTapi - ok
18:33:49.0467 5396 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:33:49.0530 5396 Ndisuio - ok
18:33:49.0545 5396 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:33:49.0577 5396 NdisWan - ok
18:33:49.0592 5396 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:33:49.0655 5396 NDProxy - ok
18:33:49.0670 5396 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:33:49.0717 5396 NetBIOS - ok
18:33:49.0748 5396 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:33:49.0795 5396 NetBT - ok
18:33:49.0826 5396 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:33:49.0842 5396 Netlogon - ok
18:33:49.0904 5396 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:33:49.0998 5396 Netman - ok
18:33:50.0029 5396 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:33:50.0138 5396 netprofm - ok
18:33:50.0201 5396 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:33:50.0232 5396 NetTcpPortSharing - ok
18:33:50.0637 5396 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:33:50.0778 5396 netw5v64 - ok
18:33:50.0903 5396 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:33:50.0918 5396 nfrd960 - ok
18:33:50.0981 5396 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:33:51.0012 5396 NisDrv - ok
18:33:51.0137 5396 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
18:33:51.0183 5396 NisSrv - ok
18:33:51.0246 5396 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:33:51.0308 5396 NlaSvc - ok
18:33:51.0339 5396 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:33:51.0386 5396 Npfs - ok
18:33:51.0417 5396 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:33:51.0480 5396 nsi - ok
18:33:51.0480 5396 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:33:51.0527 5396 nsiproxy - ok
18:33:51.0667 5396 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
18:33:51.0745 5396 Ntfs - ok
18:33:51.0839 5396 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:33:51.0932 5396 Null - ok
18:33:51.0979 5396 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
18:33:51.0979 5396 nvraid - ok
18:33:52.0026 5396 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
18:33:52.0057 5396 nvstor - ok
18:33:52.0088 5396 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:33:52.0119 5396 nv_agp - ok
18:33:52.0275 5396 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:33:52.0307 5396 odserv - ok
18:33:52.0338 5396 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:33:52.0369 5396 ohci1394 - ok
18:33:52.0416 5396 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:33:52.0431 5396 ose - ok
18:33:52.0478 5396 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:33:52.0556 5396 p2pimsvc - ok
18:33:52.0603 5396 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:33:52.0634 5396 p2psvc - ok
18:33:52.0665 5396 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:33:52.0697 5396 Parport - ok
18:33:52.0743 5396 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
18:33:52.0759 5396 partmgr - ok
18:33:52.0775 5396 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:33:52.0821 5396 PcaSvc - ok
18:33:52.0853 5396 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:33:52.0868 5396 pci - ok
18:33:52.0868 5396 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:33:52.0884 5396 pciide - ok
18:33:52.0915 5396 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:33:52.0946 5396 pcmcia - ok
18:33:52.0977 5396 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:33:52.0993 5396 pcw - ok
18:33:53.0040 5396 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:33:53.0133 5396 PEAUTH - ok
18:33:53.0227 5396 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:33:53.0274 5396 PerfHost - ok
18:33:53.0461 5396 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:33:53.0570 5396 pla - ok
18:33:53.0633 5396 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:33:53.0711 5396 PlugPlay - ok
18:33:53.0726 5396 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:33:53.0757 5396 PNRPAutoReg - ok
18:33:53.0804 5396 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:33:53.0835 5396 PNRPsvc - ok
18:33:53.0898 5396 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:33:53.0991 5396 PolicyAgent - ok
18:33:54.0038 5396 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:33:54.0101 5396 Power - ok
18:33:54.0179 5396 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:33:54.0272 5396 PptpMiniport - ok
18:33:54.0303 5396 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:33:54.0319 5396 Processor - ok
18:33:54.0366 5396 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
18:33:54.0444 5396 ProfSvc - ok
18:33:54.0491 5396 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:33:54.0491 5396 ProtectedStorage - ok
18:33:54.0537 5396 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:33:54.0615 5396 Psched - ok
18:33:54.0756 5396 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:33:54.0818 5396 ql2300 - ok
18:33:54.0927 5396 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:33:54.0959 5396 ql40xx - ok
18:33:54.0990 5396 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:33:55.0037 5396 QWAVE - ok
18:33:55.0052 5396 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:33:55.0083 5396 QWAVEdrv - ok
18:33:55.0099 5396 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:33:55.0130 5396 RasAcd - ok
18:33:55.0177 5396 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:33:55.0271 5396 RasAgileVpn - ok
18:33:55.0317 5396 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:33:55.0395 5396 RasAuto - ok
18:33:55.0442 5396 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:33:55.0551 5396 Rasl2tp - ok
18:33:55.0598 5396 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:33:55.0692 5396 RasMan - ok
18:33:55.0692 5396 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:33:55.0739 5396 RasPppoe - ok
18:33:55.0754 5396 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:33:55.0801 5396 RasSstp - ok
18:33:55.0832 5396 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:33:55.0941 5396 rdbss - ok
18:33:55.0973 5396 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:33:55.0988 5396 rdpbus - ok
18:33:56.0019 5396 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:33:56.0066 5396 RDPCDD - ok
18:33:56.0082 5396 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:33:56.0129 5396 RDPENCDD - ok
18:33:56.0160 5396 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:33:56.0207 5396 RDPREFMP - ok
18:33:56.0238 5396 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
18:33:56.0300 5396 RDPWD - ok
18:33:56.0316 5396 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:33:56.0347 5396 rdyboost - ok
18:33:56.0378 5396 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:33:56.0456 5396 RemoteAccess - ok
18:33:56.0487 5396 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:33:56.0550 5396 RemoteRegistry - ok
18:33:56.0659 5396 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:33:56.0675 5396 RichVideo - ok
18:33:56.0706 5396 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:33:56.0753 5396 RpcEptMapper - ok
18:33:56.0768 5396 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:33:56.0799 5396 RpcLocator - ok
18:33:56.0862 5396 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:33:56.0909 5396 RpcSs - ok
18:33:56.0955 5396 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:33:57.0002 5396 rspndr - ok
18:33:57.0080 5396 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
18:33:57.0127 5396 RSUSBSTOR - ok
18:33:57.0205 5396 RTL8167 (fe61b0b4aa58c3bd3dfa6279131f7f53) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:33:57.0252 5396 RTL8167 - ok
18:33:57.0267 5396 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:33:57.0283 5396 SamSs - ok
18:33:57.0314 5396 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:33:57.0345 5396 sbp2port - ok
18:33:57.0361 5396 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:33:57.0455 5396 SCardSvr - ok
18:33:57.0470 5396 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:33:57.0548 5396 scfilter - ok
18:33:57.0673 5396 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:33:57.0767 5396 Schedule - ok
18:33:57.0798 5396 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:33:57.0845 5396 SCPolicySvc - ok
18:33:57.0891 5396 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
18:33:57.0938 5396 sdbus - ok
18:33:57.0969 5396 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:33:58.0047 5396 SDRSVC - ok
18:33:58.0079 5396 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:33:58.0172 5396 secdrv - ok
18:33:58.0188 5396 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:33:58.0235 5396 seclogon - ok
18:33:58.0281 5396 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:33:58.0375 5396 SENS - ok
18:33:58.0422 5396 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:33:58.0469 5396 SensrSvc - ok
18:33:58.0515 5396 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:33:58.0547 5396 Serenum - ok
18:33:58.0578 5396 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:33:58.0593 5396 Serial - ok
18:33:58.0609 5396 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:33:58.0640 5396 sermouse - ok
18:33:58.0671 5396 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:33:58.0749 5396 SessionEnv - ok
18:33:58.0843 5396 sesvc (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
18:33:58.0859 5396 sesvc ( UnsignedFile.Multi.Generic ) - warning
18:33:58.0859 5396 sesvc - detected UnsignedFile.Multi.Generic (1)
18:33:58.0890 5396 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:33:58.0937 5396 sffdisk - ok
18:33:58.0952 5396 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:33:58.0999 5396 sffp_mmc - ok
18:33:59.0015 5396 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:33:59.0030 5396 sffp_sd - ok
18:33:59.0093 5396 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:33:59.0124 5396 sfloppy - ok
18:33:59.0186 5396 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:33:59.0264 5396 SharedAccess - ok
18:33:59.0311 5396 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:33:59.0373 5396 ShellHWDetection - ok
18:33:59.0420 5396 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:33:59.0436 5396 SiSRaid2 - ok
18:33:59.0451 5396 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:33:59.0467 5396 SiSRaid4 - ok
18:33:59.0561 5396 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:33:59.0592 5396 SkypeUpdate - ok
18:33:59.0623 5396 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:33:59.0701 5396 Smb - ok
18:33:59.0732 5396 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:33:59.0763 5396 SNMPTRAP - ok
18:33:59.0779 5396 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:33:59.0795 5396 spldr - ok
18:33:59.0857 5396 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:33:59.0919 5396 Spooler - ok
18:34:00.0200 5396 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:34:00.0309 5396 sppsvc - ok
18:34:00.0403 5396 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:34:00.0497 5396 sppuinotify - ok
18:34:00.0575 5396 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:34:00.0653 5396 srv - ok
18:34:00.0699 5396 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:34:00.0746 5396 srv2 - ok
18:34:00.0824 5396 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:34:00.0840 5396 SrvHsfHDA - ok
18:34:00.0965 5396 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:34:01.0027 5396 SrvHsfV92 - ok
18:34:01.0183 5396 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:34:01.0230 5396 SrvHsfWinac - ok
18:34:01.0261 5396 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:34:01.0308 5396 srvnet - ok
18:34:01.0355 5396 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:34:01.0448 5396 SSDPSRV - ok
18:34:01.0464 5396 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:34:01.0511 5396 SstpSvc - ok
18:34:01.0542 5396 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:34:01.0542 5396 stexstor - ok
18:34:01.0604 5396 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:34:01.0635 5396 stisvc - ok
18:34:01.0651 5396 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:34:01.0667 5396 swenum - ok
18:34:01.0745 5396 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:34:01.0838 5396 swprv - ok
18:34:01.0916 5396 SynTP (f95f19757f19962b90576af0919375c4) C:\Windows\system32\DRIVERS\SynTP.sys
18:34:01.0947 5396 SynTP - ok
18:34:02.0103 5396 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:34:02.0181 5396 SysMain - ok
18:34:02.0275 5396 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
18:34:02.0337 5396 TabletInputService - ok
18:34:02.0369 5396 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:34:02.0431 5396 TapiSrv - ok
18:34:02.0462 5396 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:34:02.0493 5396 TBS - ok
18:34:02.0665 5396 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
18:34:02.0774 5396 Tcpip - ok
18:34:03.0008 5396 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
18:34:03.0055 5396 TCPIP6 - ok
18:34:03.0117 5396 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:34:03.0180 5396 tcpipreg - ok
18:34:03.0195 5396 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:34:03.0242 5396 TDPIPE - ok
18:34:03.0273 5396 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
18:34:03.0320 5396 TDTCP - ok
18:34:03.0351 5396 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:34:03.0429 5396 tdx - ok
18:34:03.0445 5396 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:34:03.0461 5396 TermDD - ok
18:34:03.0539 5396 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:34:03.0617 5396 TermService - ok
18:34:03.0632 5396 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:34:03.0679 5396 Themes - ok
18:34:03.0710 5396 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:34:03.0757 5396 THREADORDER - ok
18:34:03.0788 5396 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:34:03.0851 5396 TrkWks - ok
18:34:03.0913 5396 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:34:03.0960 5396 TrustedInstaller - ok
18:34:03.0991 5396 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:34:04.0069 5396 tssecsrv - ok
18:34:04.0100 5396 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:34:04.0178 5396 tunnel - ok
18:34:04.0209 5396 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:34:04.0209 5396 uagp35 - ok
18:34:04.0256 5396 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
18:34:04.0303 5396 udfs - ok
18:34:04.0319 5396 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:34:04.0350 5396 UI0Detect - ok
18:34:04.0381 5396 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:34:04.0397 5396 uliagpkx - ok
18:34:04.0443 5396 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:34:04.0475 5396 umbus - ok
18:34:04.0521 5396 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:34:04.0553 5396 UmPass - ok
18:34:04.0818 5396 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:34:04.0880 5396 UNS - ok
18:34:04.0974 5396 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:34:05.0036 5396 upnphost - ok
18:34:05.0067 5396 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
18:34:05.0114 5396 usbccgp - ok
18:34:05.0145 5396 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:34:05.0208 5396 usbcir - ok
18:34:05.0239 5396 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
18:34:05.0270 5396 usbehci - ok
18:34:05.0317 5396 usbhub (7cc1c95896d60e868aa6dd2dd2f97ead) C:\Windows\system32\DRIVERS\usbhub.sys
18:34:05.0364 5396 usbhub - ok
18:34:05.0395 5396 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
18:34:05.0411 5396 usbohci - ok
18:34:05.0442 5396 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:34:05.0457 5396 usbprint - ok
18:34:05.0473 5396 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:34:05.0504 5396 USBSTOR - ok
18:34:05.0520 5396 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:34:05.0535 5396 usbuhci - ok
18:34:05.0582 5396 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
18:34:05.0598 5396 usbvideo - ok
18:34:05.0629 5396 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:34:05.0676 5396 UxSms - ok
18:34:05.0738 5396 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:34:05.0754 5396 VaultSvc - ok
18:34:05.0801 5396 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:34:05.0816 5396 vdrvroot - ok
18:34:05.0894 5396 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:34:05.0957 5396 vds - ok
18:34:06.0003 5396 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:34:06.0035 5396 vga - ok
18:34:06.0050 5396 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:34:06.0128 5396 VgaSave - ok
18:34:06.0175 5396 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:34:06.0237 5396 vhdmp - ok
18:34:06.0284 5396 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:34:06.0300 5396 viaide - ok
18:34:06.0331 5396 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:34:06.0347 5396 volmgr - ok
18:34:06.0393 5396 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:34:06.0425 5396 volmgrx - ok
18:34:06.0456 5396 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:34:06.0487 5396 volsnap - ok
18:34:06.0534 5396 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:34:06.0565 5396 vsmraid - ok
18:34:06.0690 5396 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:34:06.0768 5396 VSS - ok
18:34:06.0861 5396 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:34:06.0893 5396 vwifibus - ok
18:34:06.0924 5396 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:34:06.0971 5396 vwififlt - ok
18:34:07.0033 5396 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:34:07.0095 5396 W32Time - ok
18:34:07.0127 5396 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:34:07.0158 5396 WacomPen - ok
18:34:07.0173 5396 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:34:07.0236 5396 WANARP - ok
18:34:07.0251 5396 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:34:07.0298 5396 Wanarpv6 - ok
18:34:07.0423 5396 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:34:07.0548 5396 wbengine - ok
18:34:07.0641 5396 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:34:07.0688 5396 WbioSrvc - ok
18:34:07.0735 5396 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
18:34:07.0766 5396 wcncsvc - ok
18:34:07.0782 5396 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:34:07.0813 5396 WcsPlugInService - ok
18:34:07.0844 5396 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:34:07.0860 5396 Wd - ok
18:34:07.0922 5396 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:34:07.0969 5396 Wdf01000 - ok
18:34:07.0985 5396 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:34:08.0031 5396 WdiServiceHost - ok
18:34:08.0031 5396 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:34:08.0063 5396 WdiSystemHost - ok
18:34:08.0094 5396 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
18:34:08.0141 5396 WebClient - ok
18:34:08.0187 5396 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:34:08.0265 5396 Wecsvc - ok
18:34:08.0297 5396 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:34:08.0343 5396 wercplsupport - ok
18:34:08.0375 5396 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:34:08.0421 5396 WerSvc - ok
18:34:08.0453 5396 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:34:08.0499 5396 WfpLwf - ok
18:34:08.0499 5396 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:34:08.0515 5396 WIMMount - ok
18:34:08.0546 5396 WinDefend - ok
18:34:08.0562 5396 WinHttpAutoProxySvc - ok
18:34:08.0624 5396 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:34:08.0687 5396 Winmgmt - ok
18:34:08.0858 5396 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:34:08.0967 5396 WinRM - ok
18:34:09.0092 5396 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:34:09.0123 5396 WinUsb - ok
18:34:09.0217 5396 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:34:09.0311 5396 Wlansvc - ok
18:34:09.0326 5396 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:34:09.0357 5396 WmiAcpi - ok
18:34:09.0435 5396 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:34:09.0482 5396 wmiApSrv - ok
18:34:09.0529 5396 WMPNetworkSvc - ok
18:34:09.0560 5396 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:34:09.0591 5396 WPCSvc - ok
18:34:09.0607 5396 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:34:09.0638 5396 WPDBusEnum - ok
18:34:09.0654 5396 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:34:09.0701 5396 ws2ifsl - ok
18:34:09.0716 5396 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:34:09.0763 5396 wscsvc - ok
18:34:09.0779 5396 WSearch - ok
18:34:09.0997 5396 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:34:10.0075 5396 wuauserv - ok
18:34:10.0153 5396 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:34:10.0215 5396 WudfPf - ok
18:34:10.0231 5396 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:34:10.0262 5396 WUDFRd - ok
18:34:10.0278 5396 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:34:10.0340 5396 wudfsvc - ok
18:34:10.0371 5396 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:34:10.0434 5396 WwanSvc - ok
18:34:10.0481 5396 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
18:34:10.0527 5396 yukonw7 - ok
18:34:10.0559 5396 MBR (0x1B8) (13e5baefcf4f9bb3e1dda96e3e048676) \Device\Harddisk0\DR0
18:34:10.0886 5396 \Device\Harddisk0\DR0 - ok
18:34:10.0886 5396 Boot (0x1200) (d0fed7d21a3099521c4ff5c6682a4cef) \Device\Harddisk0\DR0\Partition0
18:34:10.0886 5396 \Device\Harddisk0\DR0\Partition0 - ok
18:34:10.0933 5396 Boot (0x1200) (cf9a32b7230680b94ee7d876cc159c7d) \Device\Harddisk0\DR0\Partition1
18:34:10.0933 5396 \Device\Harddisk0\DR0\Partition1 - ok
18:34:10.0949 5396 Boot (0x1200) (90b84ba4f085c92d1c88eca608e40930) \Device\Harddisk0\DR0\Partition2
18:34:10.0964 5396 \Device\Harddisk0\DR0\Partition2 - ok
18:34:10.0964 5396 Boot (0x1200) (905110eb241e63e0e57f91520142ba7f) \Device\Harddisk0\DR0\Partition3
18:34:10.0964 5396 \Device\Harddisk0\DR0\Partition3 - ok
18:34:10.0980 5396 ============================================================
18:34:10.0980 5396 Scan finished
18:34:10.0980 5396 ============================================================
18:34:10.0980 5244 Detected object count: 2
18:34:10.0980 5244 Actual detected object count: 2
18:34:28.0046 5244 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:28.0046 5244 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:28.0046 5244 sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:28.0046 5244 sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
24.06.2012, 17:49
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Entfernung des Ukash Trojaners und Dateiwiederherstellung Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.06.2012, 19:25
| #13 |
| | Entfernung des Ukash Trojaners und Dateiwiederherstellung Hat alles ohne Probleme funktioniert. Hier das Log: Code:
ATTFilter ComboFix 12-06-24.03 - Liz 24.06.2012 19:54:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3958.2591 [GMT 2:00]
ausgeführt von:: c:\users\Liz\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Liz\4.0
c:\users\Liz\Favorites\locked-Berufsinformationszentrum BIZ Halberstadt.url.rbzn
c:\users\Liz\Favorites\locked-Berufsprofiling.url.iinz
c:\users\Liz\Favorites\locked-Bildungsserver Sachsen-Anhalt.url.rnsn
c:\users\Liz\Favorites\locked-Das örtliche.url.vagv
c:\users\Liz\Favorites\locked-Evangelisch-Freikirchliche Gemeinde Wernigerode -.url.ckcc
c:\users\Liz\Favorites\locked-Facebook Lisa-Marie Hofmann.url.fkwm
c:\users\Liz\Favorites\locked-Ferienhaus Lychen, OT Kastaven Uckermark Haus Herta Ferienwohnung Unterkunft Urlaub.url.qqqq
c:\users\Liz\Favorites\locked-Ghg -WR.url.yyfc
c:\users\Liz\Favorites\locked-Google.url.ypmy
c:\users\Liz\Favorites\locked-H&M – Mode und Qualität zum besten Preis H&M DE.url.fypy
c:\users\Liz\Favorites\locked-http--www.d-bahn.de-.url.wycf
c:\users\Liz\Favorites\locked-ithemba.url.fddo
c:\users\Liz\Favorites\locked-Jugend für Christus Deutschland.url.fxxx
c:\users\Liz\Favorites\locked-kino-wr.url.vpve
c:\users\Liz\Favorites\locked-Mathe-Paradies.url.uulg
c:\users\Liz\Favorites\locked-Outbreakband.url.bhsz
c:\users\Liz\Favorites\locked-Overhill-Circle.url.tqfj
c:\users\Liz\Favorites\locked-Portal**Die IKK-Community.url.lrag
c:\users\Liz\Favorites\locked-spieletipps.de.url.zzsr
c:\users\Liz\Favorites\locked-Tierheim Derenburg.url.inlz
c:\users\Liz\Favorites\locked-wikipedia.de - Wikipedia, die freie Enzyklopädie.url.mywy
c:\users\Liz\Favorites\locked-YouTube - game one best of.url.ggpr
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-24 bis 2012-06-24 ))))))))))))))))))))))))))))))
.
.
2012-06-24 16:35 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAD43476-38F8-46A9-A5A9-D7A53F035C66}\mpengine.dll
2012-06-22 17:56 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-22 17:46 . 2012-06-22 17:46 -------- d-----w- C:\_OTL
2012-06-21 15:08 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:08 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:08 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:08 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:07 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:07 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:07 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:07 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:07 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 15:39 . 2012-06-20 15:39 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-18 16:18 . 2012-06-18 16:18 -------- d-----w- c:\program files (x86)\ESET
2012-06-18 12:48 . 2012-06-18 12:48 -------- d-----w- c:\users\Liz\AppData\Roaming\Malwarebytes
2012-06-18 12:47 . 2012-06-18 12:47 -------- d-----w- c:\programdata\Malwarebytes
2012-06-18 12:47 . 2012-06-18 12:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-18 12:47 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 16:06 . 2012-06-14 16:06 -------- d-----w- c:\program files (x86)\7-Zip
2012-06-14 15:40 . 2012-06-14 15:40 -------- d-----w- c:\users\Liz\AppData\Roaming\www.shadowexplorer.com
2012-06-14 15:39 . 2012-06-14 15:39 -------- d-----w- c:\program files (x86)\ShadowExplorer
2012-06-14 07:59 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 07:59 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 07:59 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 07:59 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 07:59 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 07:59 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 07:59 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 07:59 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 18:23 . 2012-02-10 11:22 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CFAB2F8-9ACE-4AFF-BDCC-D8EC0752722D}\gapaengine.dll
2012-05-29 14:58 . 2012-05-29 14:58 -------- d-----w- c:\users\Liz\AppData\Local\Sony
2012-05-29 14:34 . 2012-03-22 11:43 2557952 ----a-w- c:\windows\SysWow64\QtCore4.dll
2012-05-29 14:34 . 2012-03-06 13:43 80024 ----a-w- c:\windows\SysWow64\mfcm100u.dll
2012-05-29 14:34 . 2012-03-06 13:43 772248 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-05-29 14:34 . 2012-03-06 13:43 4421272 ----a-w- c:\windows\SysWow64\mfc100u.dll
2012-05-29 14:34 . 2012-03-06 13:43 419480 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-05-29 14:34 . 2012-03-06 13:43 136344 ----a-w- c:\windows\SysWow64\atl100.dll
2012-05-29 14:31 . 2012-05-29 14:31 -------- d-----w- c:\users\Liz\AppData\Local\APN
2012-05-29 14:31 . 2012-05-29 14:31 -------- d-----w- c:\programdata\Sony
2012-05-29 14:31 . 2012-05-29 14:31 -------- d-----w- c:\program files (x86)\Sony
2012-05-29 14:27 . 2012-06-07 13:15 -------- d-----w- c:\users\Liz\AppData\Roaming\Sony
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 11:09 . 2012-05-09 12:13 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-10 39408]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"B Register c:\program files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
.
c:\users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 136176]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe [2011-01-02 9216]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 11:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 13:20]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 13:20]
.
2012-05-29 c:\windows\Tasks\HPCeeScheduleForLIZ-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
2012-03-26 c:\windows\Tasks\Norton Security Scan for Liz.job
- c:\progra~2\NORTON~2\Engine\351~1.10\Nss.exe [2012-03-26 08:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2009-12-22 5977600]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-24 172032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ghgwr.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ICQ - ~c:\program files (x86)\ICQ7.2\ICQ.exe
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-1&1 Mail & Media GmbH 1und1Softwareaktualisierung - c:\program files (x86)\1und1Softwareaktualisierung\uninst.exe
AddRemove-Audio Recorder for Free_is1 - c:\program files (x86)\Audio Recorder for Free\unins000.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Fraps - c:\fraps\uninstall.exe
AddRemove-Free Screen To Video_is1 - c:\program files (x86)\Free Screen To Video\unins000.exe
AddRemove-Keepsake - c:\program files (x86)\Wicked Studios\Keepsake\uninstall.exe
AddRemove-MixPad - c:\program files (x86)\NCH Software\MixPad\uninst.exe
AddRemove-Softonic - c:\program files (x86)\Softonic\Softonic\1.5.21.0\uninstall.exe
AddRemove-WildTangent hp Master Uninstall - c:\program files (x86)\HP Games\Uninstall.exe
AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
AddRemove-WildTangentGameProvider-hp-main - c:\program files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe
AddRemove-WT065226 - c:\program files (x86)\HP Games\Blasterball 3\Uninstall.exe
AddRemove-WT065277 - c:\program files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe
AddRemove-WT065290 - c:\program files (x86)\HP Games\Mah Jong Medley\Uninstall.exe
AddRemove-WT065295 - c:\program files (x86)\HP Games\Polar Bowler\Uninstall.exe
AddRemove-WT065296 - c:\program files (x86)\HP Games\Polar Golfer\Uninstall.exe
AddRemove-WT065297 - c:\program files (x86)\HP Games\Super Collapse 3\Uninstall.exe
AddRemove-WT065305 - c:\program files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe
AddRemove-WT065307 - c:\program files (x86)\HP Games\World of Goo\Uninstall.exe
AddRemove-WT065308 - c:\program files (x86)\HP Games\Dora's Carnival Adventure\Uninstall.exe
AddRemove-WT065414 - c:\program files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT065426 - c:\program files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT065446 - c:\program files (x86)\HP Games\Peggle\Uninstall.exe
AddRemove-WT065454 - c:\program files (x86)\HP Games\Slingo Deluxe\Uninstall.exe
AddRemove-WT065459 - c:\program files (x86)\HP Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT074389 - c:\program files (x86)\HP Games\Diner Dash\Uninstall.exe
AddRemove-WT074421 - c:\program files (x86)\HP Games\FATE\Uninstall.exe
AddRemove-WT074441 - c:\program files (x86)\HP Games\THE GAME OF LIFE\Uninstall.exe
AddRemove-WT074442 - c:\program files (x86)\HP Games\Virtual Families\Uninstall.exe
AddRemove-WT074585 - c:\program files (x86)\HP Games\Yahtzee\Uninstall.exe
AddRemove-WT075041 - c:\program files (x86)\HP Games\Farm Frenzy\Uninstall.exe
AddRemove-WT075046 - c:\program files (x86)\HP Games\StoneLoops of Jurassica\Uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-24 20:17:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-24 18:17
.
Vor Suchlauf: 12 Verzeichnis(se), 95.548.841.984 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 95.728.467.968 Bytes frei
.
- - End Of File - - C91963C4F4C9BFAAAE55C3F91768FD51
|
|
25.06.2012, 09:58
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Entfernung des Ukash Trojaners und Dateiwiederherstellung Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.06.2012, 13:21
| #15 |
| | Entfernung des Ukash Trojaners und Dateiwiederherstellung Hat alles problemlos geklappt. Gmer meinte aber erst gar nichts gefährdetes/infizoertes ect. gefunden zu haben. Also habe ich hier bei "Show all" einfach mal rauskopiert was er angezeigt hat. Gmer: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-25 13:33:26
Windows 6.1.7600
Running: 4hee7lwb.exe
---- Services - GMER 1.0.15 ----
Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service system32\DRIVERS\1394ohci.sys (1394 OpenHCI Driver/Microsoft Corporation) [MANUAL] 1394ohci
Service system32\DRIVERS\ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation) [BOOT] ACPI
Service system32\DRIVERS\acpipmi.sys (ACPI Power Metering Driver/Microsoft Corporation) [MANUAL] AcpiPmi
Service C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service/Adobe Systems Incorporated) [AUTO] AdobeARMservice
Service system32\DRIVERS\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [BOOT] adp94xx
Service system32\DRIVERS\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [BOOT] adpahci
Service system32\DRIVERS\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver (X64)/Adaptec, Inc.) [BOOT] adpu320
Service adsi
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] AeLookupSvc
Service C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea filters APO access service (64-bit)/Andrea Electronics Corporation) [AUTO] AERTFilters
Service system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service system32\DRIVERS\agrsm64.sys (SoftModem Device Driver/LSI Corp) [MANUAL] AgereSoftModem
Service system32\DRIVERS\agp440.sys (440 NT AGP-Filter/Microsoft Corporation) [MANUAL] agp440
Service C:\Windows\System32\alg.exe (Gatewaydienst auf Anwendungsebene/Microsoft Corporation) [MANUAL] ALG
Service system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [BOOT] aliide
Service C:\Windows\system32\atiesrxx.exe (AMD External Events Service Module/AMD) [AUTO] AMD External Events Utility
Service system32\DRIVERS\amdide.sys (AMD-IDE-Treiber/Microsoft Corporation) [BOOT] amdide
Service system32\DRIVERS\amdk8.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdK8
Service system32\DRIVERS\amdppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdPPM
Service system32\DRIVERS\amdsata.sys (AHCI 1.2 Device Driver/Advanced Micro Devices) [BOOT] amdsata
Service system32\DRIVERS\amdsbs.sys (AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform/AMD Technologies Inc.) [BOOT] amdsbs
Service system32\DRIVERS\amdxata.sys (Storage Filter Driver/Advanced Micro Devices) [BOOT] amdxata
Service system32\drivers\appid.sys (AppID Driver/Microsoft Corporation) [MANUAL] AppID
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] AppIDSvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] Appinfo
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) AppMgmt
Service system32\DRIVERS\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [BOOT] arc
Service system32\DRIVERS\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [BOOT] arcsas
Service system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service system32\DRIVERS\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi
Service system32\DRIVERS\athrx.sys (Atheros Extensible Wireless LAN device driver/Atheros Communications, Inc.) [MANUAL] athr
Service Atierecord
Service system32\drivers\AtiHdmi.sys (ATI High Definition Audio Function Driver/ATI Technologies, Inc.) [MANUAL] AtiHdmiService
Service system32\DRIVERS\atikmdag.sys (ATI Radeon Kernel Mode Driver/ATI Technologies Inc.) [MANUAL] atikmdag
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] AudioSrv
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] AxInstSV
Service system32\DRIVERS\bxvbda.sys (Broadcom NetXtreme II GigE VBD/Broadcom Corporation) [MANUAL] b06bdrv
Service system32\DRIVERS\b57nd60a.sys (Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver./Broadcom Corporation) [MANUAL] b57nd60a
Service (Battery Class Driver/Microsoft Corporation) BattC
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] BDESVC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] BFE
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] BITS
Service system32\DRIVERS\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [SYSTEM] blbdrive
Service system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser
Service system32\DRIVERS\BrFiltLo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service system32\DRIVERS\BrFiltUp.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service system32\DRIVERS\bridge.sys (MAC Bridge Driver/Microsoft Corporation) [MANUAL] BridgeMP
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] Browser
Service System32\Drivers\Brserid.sys (Brother Schnittstellentreiber (WDM) (seriell)/Brother Industries Ltd.) [MANUAL] Brserid
Service System32\Drivers\BrSerWdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [MANUAL] BrSerWdm
Service System32\Drivers\BrUsbMdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [MANUAL] BrUsbMdm
Service System32\Drivers\BrUsbSer.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service system32\DRIVERS\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [MANUAL] BTHMODEM
Service BTHPORT
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] bthserv
Service C:\ComboFix\catchme.sys [MANUAL] catchme
Service system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs
Service system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] CertPropSvc
Service system32\DRIVERS\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [MANUAL] circlass
Service System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_64
Service system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt
Service system32\DRIVERS\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [BOOT] cmdide
Service System32\Drivers\cng.sys (Kernel Cryptography, Next Generation/Microsoft Corporation) [BOOT] CNG
Service C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Com for QLB application/Hewlett-Packard Development Company, L.P.) [MANUAL] Com4QLBEx
Service system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt
Service system32\DRIVERS\CompositeBus.sys (Multi-Transport Composite Bus Enumerator/Microsoft Corporation) [MANUAL] CompositeBus
Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service system32\DRIVERS\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [DISABLED] crcdisk
Service crypt32
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] CryptSvc
Service DCLocator
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] defragsvc
Service System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] Dhcp
Service System32\drivers\discache.sys (System Indexer/Cache Driver/Microsoft Corporation) [SYSTEM] discache
Service system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] Dnscache
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] dot3svc
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] DPS
Service system32\drivers\drmkaud.sys (Microsoft Trusted Audio Drivers/Microsoft Corporation) [MANUAL] drmkaud
Service System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl
Service [DISABLED] eabfiltr
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] EapHost
Service system32\DRIVERS\evbda.sys (Broadcom NetXtreme II 10 GigE VBD/Broadcom Corporation) [MANUAL] ebdrv
Service C:\Windows\System32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] EFS
Service C:\Windows\ehome\ehRecvr.exe (Windows Media Center-Empfängerdienst/Microsoft Corporation) [MANUAL] ehRecvr
Service C:\Windows\ehome\ehsched.exe (Windows Media Center-Planerdienst/Microsoft Corporation) [MANUAL] ehSched
Service system32\DRIVERS\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [BOOT] elxstor
Service system32\DRIVERS\errdev.sys (Error Device Driver/Microsoft Corporation) [MANUAL] ErrDev
Service ESENT
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] eventlog
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] EventSystem
Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] ezSharedSvc
Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat
Service C:\Windows\system32\fxssvc.exe (Fax Service/Microsoft Corporation) [MANUAL] Fax
Service system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] fdc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] fdPHost
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] FDResPub
Service system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo
Service system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace
Service system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk
Service system32\drivers\fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] FontCache
Service C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service System32\drivers\FsDepends.sys (File System Dependency Manager Mini Filter Driver/Microsoft Corporation) [MANUAL] FsDepends
Service (File System Recognizer Driver/Microsoft Corporation) [BOOT] Fs_Rec
Service System32\DRIVERS\fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) [BOOT] fvevol
Service system32\DRIVERS\gagp30kx.sys (MS Generischer AGPv3.0 Filter für K8/9-Prozessorplattformen/Microsoft Corporation) [MANUAL] gagp30kx
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] gpsvc
Service C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [AUTO] gupdate
Service C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [MANUAL] gupdatem
Service C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc
Service system32\drivers\hcw85cir.sys (Hauppauge WinTV 885 Consumer IR Driver for eHome/Hauppauge Computer Works, Inc.) [MANUAL] hcw85cir
Service system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService
Service system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus
Service system32\DRIVERS\HECIx64.sys (Intel(R) Management Engine Interface/Intel Corporation) [MANUAL] HECIx64
Service system32\DRIVERS\HidBatt.sys (Hid Battery Driver/Microsoft Corporation) [MANUAL] HidBatt
Service system32\DRIVERS\hidbth.sys (Bluetooth-Miniporttreiber für HID-Geräte/Microsoft Corporation) [MANUAL] HidBth
Service system32\DRIVERS\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidIr
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] hidserv
Service system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] hkmsvc
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] HomeGroupListener
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] HomeGroupProvider
Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (HP Support Assistant Service/Hewlett-Packard Company) [AUTO] HP Support Assistant Service
Service C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (HP Quick Synchronization Service/Hewlett-Packard Company) [AUTO] HPDrvMntSvc.exe
Service system32\DRIVERS\HpqKbFiltr.sys (HpqKbFiltr Keyboard Filter Driver/Hewlett-Packard Development Company, L.P.) [MANUAL] HpqKbFiltr
Service C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (hpqwmiex Module/Hewlett-Packard Company) [MANUAL] hpqwmiex
Service system32\DRIVERS\HpSAMD.sys (Smart Array SAS/SATA Controller Media Driver/Hewlett-Packard Company) [BOOT] HpSAMD
Service system32\drivers\HTTP.sys (HTTP-Protokollstapel/Microsoft Corporation) [MANUAL] HTTP
Service System32\drivers\hwpolicy.sys (Hardware Policy Driver/Microsoft Corporation) [BOOT] hwpolicy
Service system32\DRIVERS\i8042prt.sys (i8042-Anschlusstreiber/Microsoft Corporation) [MANUAL] i8042prt
Service system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) [BOOT] iaStor
Service system32\DRIVERS\iaStorV.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) [BOOT] iaStorV
Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service system32\DRIVERS\igdkmd64.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) [MANUAL] igfx
Service system32\DRIVERS\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [BOOT] iirsp
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] IKEEXT
Service inetaccs
Service system32\drivers\RTKVHD64.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service system32\DRIVERS\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [BOOT] intelide
Service system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] IPBusEnum
Service system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] iphlpsvc
Service system32\DRIVERS\IPMIDrv.sys (WMI IPMI-TREIBER/Microsoft Corporation) [MANUAL] IPMIDRV
Service System32\drivers\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT
Service system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service system32\DRIVERS\isapnp.sys (PNP-ISA-Bustreiber/Microsoft Corporation) [BOOT] isapnp
Service system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt
Service system32\DRIVERS\kbdclass.sys (Tastaturklassentreiber/Microsoft Corporation) [MANUAL] kbdclass
Service system32\DRIVERS\kbdhid.sys (HID-Tastaturfiltertreiber/Microsoft Corporation) [MANUAL] kbdhid
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso
Service System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service System32\Drivers\ksecpkg.sys (Kernel Security Support Provider Interface Packages/Microsoft Corporation) [BOOT] KSecPkg
Service system32\drivers\ksthunk.sys (Kernel Streaming WOW Thunk Service/Microsoft Corporation) [MANUAL] ksthunk
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] KtmRm
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] LanmanServer
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] LanmanWorkstation
Service ldap
Service C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (LightScribe Service/Hewlett-Packard Company) [AUTO] LightScribeService
Service system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] lltdsvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] lmhosts
Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Local Manageability Service/Intel Corporation) [AUTO] LMS
Service Lsa
Service system32\DRIVERS\lsi_fc.sys (LSI Fusion-MPT FC Driver (StorPort)/LSI Corporation) [BOOT] LSI_FC
Service system32\DRIVERS\lsi_sas.sys (LSI Fusion-MPT SAS Driver (StorPort)/LSI Corporation) [BOOT] LSI_SAS
Service system32\DRIVERS\lsi_sas2.sys (LSI SAS Gen2 Driver (StorPort)/LSI Corporation) [BOOT] LSI_SAS2
Service system32\DRIVERS\lsi_scsi.sys (LSI Fusion-MPT SCSI Driver (StorPort)/LSI Corporation) [BOOT] LSI_SCSI
Service system32\drivers\luafv.sys (LUA-Filtertreiber zur Dateivirtualisierung/Microsoft Corporation) [AUTO] luafv
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [DISABLED] Mcx2Svc
Service system32\DRIVERS\megasas.sys (MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64/LSI Corporation) [BOOT] megasas
Service system32\DRIVERS\MegaSR.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [BOOT] MegaSR
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] MMCSS
Service system32\drivers\modem.sys (Modemgerätetreiber/Microsoft Corporation) [MANUAL] Modem
Service system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor
Service system32\DRIVERS\mouclass.sys (Mausklassentreiber/Microsoft Corporation) [MANUAL] mouclass
Service system32\DRIVERS\mouhid.sys (HID-Mausfiltertreiber/Microsoft Corporation) [MANUAL] mouhid
Service System32\drivers\mountmgr.sys (Bereitstellungspunkt-Manager/Microsoft Corporation) [BOOT] mountmgr
Service system32\DRIVERS\MpFilter.sys (Microsoft antimalware file system filter driver/Microsoft Corporation) [BOOT] MpFilter
Service system32\DRIVERS\mpio.sys (Multipfad-Supportbustreiber/Microsoft Corporation) [BOOT] mpio
Service System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] MpsSvc
Service system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb
Service system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10
Service system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20
Service system32\DRIVERS\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [BOOT] msahci
Service system32\DRIVERS\msdsm.sys (Gerätespezifisches Modul von Microsoft/Microsoft Corporation) [BOOT] msdsm
Service C:\Windows\System32\msdtc.exe (Microsoft Distributed Transaction Coordinator-Dienst/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service System32\drivers\mshidkmdf.sys (Pass-through HID to KMDF Filter Driver/Microsoft Corporation) [MANUAL] mshidkmdf
Service system32\DRIVERS\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe (Windows® Installer/Microsoft Corporation) [MANUAL] msiserver
Service system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service c:\Program Files\Microsoft Security Client\MsMpEng.exe (Antimalware Service Executable/Microsoft Corporation) [AUTO] MsMpSvc
Service system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC
Service MSSCNTRS
Service system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [SYSTEM] mssmbios
Service system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service system32\DRIVERS\MTConfig.sys (HID-Treiber für Mehrfingereingabe von Microsoft/Microsoft Corporation) [MANUAL] MTConfig
Service System32\Drivers\mup.sys (Multiple UNC Provider Driver/Microsoft Corporation) [BOOT] Mup
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] napagent
Service system32\DRIVERS\nwifi.sys (Systemeigener WiFi-Miniporttreiber/Microsoft Corporation) [MANUAL] NativeWifiP
Service system32\drivers\ndis.sys (NDIS 6.20-Treiber/Microsoft Corporation) [BOOT] NDIS
Service system32\DRIVERS\ndiscap.sys (NDIS Packet Capture Filter Driver/Microsoft Corporation) [MANUAL] NdisCap
Service system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service system32\DRIVERS\ndisuio.sys (E/A-Treiber für NDIS-Benutzermodus/Microsoft Corporation) [MANUAL] Ndisuio
Service system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] Netman
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] netprofm
Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service system32\DRIVERS\netw5v64.sys (Intel® Wireless WiFi Link Driver/Intel Corporation) [MANUAL] netw5v64
Service Network Inspection System
Service system32\DRIVERS\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [BOOT] nfrd960
Service system32\DRIVERS\NisDrvWFP.sys (Microsoft Network Inspection System Driver/Microsoft Corporation) [MANUAL] NisDrv
Service c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Network Inspection System/Microsoft Corporation) [MANUAL] NisSrv
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] NlaSvc
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] nsi
Service system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy
Service NTDS
Service (NT-Dateisystemtreiber/Microsoft Corporation) [MANUAL] Ntfs
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service system32\DRIVERS\nvraid.sys (NVIDIA® nForce(TM) RAID Driver/NVIDIA Corporation) [BOOT] nvraid
Service system32\DRIVERS\nvstor.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) [BOOT] nvstor
Service system32\DRIVERS\nv_agp.sys (NForce NT AGP-Filter/Microsoft Corporation) [MANUAL] nv_agp
Service C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv
Service system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394
Service C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] p2pimsvc
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] p2psvc
Service system32\DRIVERS\parport.sys (Treiber für parallelen Anschluss/Microsoft Corporation) [MANUAL] Parport
Service System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] PcaSvc
Service system32\DRIVERS\pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation) [BOOT] pci
Service system32\DRIVERS\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] pciide
Service system32\DRIVERS\pcmcia.sys (PCMCIA-Treiber/Microsoft Corporation) [MANUAL] pcmcia
Service System32\drivers\pcw.sys (Performance Counters for Windows Driver/Microsoft Corporation) [BOOT] pcw
Service system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH
Service PerfDisk
Service C:\Windows\SysWow64\perfhost.exe (x86-Leistungsindikatorhost/Microsoft Corporation) [MANUAL] PerfHost
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] pla
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] PlugPlay
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] PNRPAutoReg
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] PNRPsvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] PolicyAgent
Service PortProxy
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] Power
Service system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service system32\DRIVERS\processr.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] Processor
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] ProfSvc
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage
Service system32\DRIVERS\pacer.sys (QoS-Paketplaner/Microsoft Corporation) [SYSTEM] Psched
Service system32\DRIVERS\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [BOOT] ql2300
Service system32\DRIVERS\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [BOOT] ql40xx
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] QWAVE
Service system32\drivers\qwavedrv.sys (Supporttreiber für verbessertes Microsoft-Audio/Video-Streaming (qWave)/Microsoft Corporation) [MANUAL] QWAVEdrv
Service System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [MANUAL] RasAcd
Service system32\DRIVERS\AgileVpn.sys (RAS Agile Vpn Miniport Call Manager/Microsoft Corporation) [MANUAL] RasAgileVpn
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] RasAuto
Service system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] RasMan
Service system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) [MANUAL] RasSstp
Service system32\DRIVERS\rdbss.sys (Subsystemtreiber für Pufferung des umgeleiteten Laufwerks/Microsoft Corporation) [SYSTEM] rdbss
Service system32\DRIVERS\rdpbus.sys (Microsoft RDP Bus Device driver/Microsoft Corporation) [MANUAL] rdpbus
Service System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service system32\drivers\rdpencdd.sys (RDP Encoder Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD
Service RDPNP
Service system32\drivers\rdprefmp.sys (RDP Reflector Driver Miniport/Microsoft Corporation) [SYSTEM] RDPREFMP
Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD
Service System32\drivers\rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) [BOOT] rdyboost
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] RemoteRegistry
Service C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [AUTO] RichVideo
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] RpcEptMapper
Service C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] RpcSs
Service system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr
Service C:\Windows\System32\Drivers\RtsUStor.sys (Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Realtek Semiconductor Corp.) [MANUAL] RSUSBSTOR
Service system32\DRIVERS\Rt64win7.sys (Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver /Realtek ) [MANUAL] RTL8167
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs
Service system32\DRIVERS\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [BOOT] sbp2port
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] SCardSvr
Service System32\DRIVERS\scfilter.sys (Filtertreiber für Smartcard-Leser von Microsoft/Microsoft Corporation) [MANUAL] scfilter
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] Schedule
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] SCPolicySvc
Service system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation) [MANUAL] sdbus
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] SDRSVC
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] seclogon
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] SENS
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] SensrSvc
Service system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum
Service system32\DRIVERS\serial.sys (Serieller Gerätetreiber/Microsoft Corporation) [SYSTEM] Serial
Service system32\DRIVERS\sermouse.sys (Serieller Mausfiltertreiber/Microsoft Corporation) [MANUAL] sermouse
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] SessionEnv
Service C:\Program Files (x86)\ShadowExplorer\sesvc.exe (ShadowExplorer/www.shadowexplorer.com) [AUTO] sesvc
Service system32\DRIVERS\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [MANUAL] sffdisk
Service system32\DRIVERS\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc
Service system32\DRIVERS\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
Service system32\DRIVERS\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [MANUAL] sfloppy
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] SharedAccess
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] ShellHWDetection
Service system32\DRIVERS\SiSRaid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.) [BOOT] SiSRaid2
Service system32\DRIVERS\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [BOOT] SiSRaid4
Service C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Updater Service/Skype Technologies) [AUTO] SkypeUpdate
Service system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [MANUAL] Smb
Service SMSvcHost 3.0.0.0
Service C:\Windows\System32\snmptrap.exe (SNMP-Trap/Microsoft Corporation) [MANUAL] SNMPTRAP
Service (loader for security processor/Microsoft Corporation) [BOOT] spldr
Service C:\Windows\System32\spoolsv.exe (Spoolersubsystem-Anwendung/Microsoft Corporation) [AUTO] Spooler
Service C:\Windows\system32\sppsvc.exe (Softwareschutzplattform-Dienst von Microsoft/Microsoft Corporation) [AUTO] sppsvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] sppuinotify
Service System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv
Service System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2
Service system32\DRIVERS\VSTAZL6.SYS (HSF_HWAZL WDM driver/Conexant Systems, Inc.) [MANUAL] SrvHsfHDA
Service system32\DRIVERS\VSTDPV6.SYS (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] SrvHsfV92
Service system32\DRIVERS\VSTCNXT6.SYS (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] SrvHsfWinac
Service System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] SstpSvc
Service system32\DRIVERS\stexstor.sys (Promise SuperTrak EX Series Driver for Windows /Promise Technology) [BOOT] stexstor
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] stisvc
Service system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] swprv
Service system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics Incorporated) [MANUAL] SynTP
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] SysMain
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] TabletInputService
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] TBS
Service System32\drivers\tcpip.sys (TCP/IP-Treiber/Microsoft Corporation) [BOOT] Tcpip
Service system32\DRIVERS\tcpip.sys (TCP/IP-Treiber/Microsoft Corporation) [MANUAL] TCPIP6
Service TCPIP6TUNNEL
Service System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg
Service TCPIPTUNNEL
Service system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx
Service system32\DRIVERS\termdd.sys (Remote Desktop Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] TermService
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] Themes
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] THREADORDER
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] TrkWks
Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller
Service TSDDD
Service System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv
Service system32\DRIVERS\tunnel.sys (Microsoft-Tunnelschnittstellentreiber/Microsoft Corporation) [MANUAL] tunnel
Service system32\DRIVERS\uagp35.sys (MS AGPv3.5-Filter/Microsoft Corporation) [MANUAL] uagp35
Service system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs
Service UGatherer
Service UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe (Erkennung interaktiver Dienste/Microsoft Corporation) [MANUAL] UI0Detect
Service system32\DRIVERS\uliagpkx.sys (ULi AGPv3.0-Filter für K8/9-Prozessorplattformen/Microsoft Corporation) [MANUAL] uliagpkx
Service system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus
Service system32\DRIVERS\umpass.sys (Generic pass-through driver/Microsoft Corporation) [MANUAL] UmPass
Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (User Notification Service/Intel Corporation) [AUTO] UNS
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] upnphost
Service system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service system32\DRIVERS\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [MANUAL] usbcir
Service system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service System32\Drivers\usbvideo.sys (USB Video Class Driver/Microsoft Corporation) [MANUAL] usbvideo
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] UxSms
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] VaultSvc
Service system32\DRIVERS\vdrvroot.sys (Stammenumerator für virtuelles Laufwerk/Microsoft Corporation) [BOOT] vdrvroot
Service C:\Windows\System32\vds.exe (Virtueller Datenträgerdienst/Microsoft Corporation) [MANUAL] vds
Service system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
Service System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service system32\DRIVERS\vhdmp.sys (VHD Miniport Driver/Microsoft Corporation) [MANUAL] vhdmp
Service system32\DRIVERS\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [BOOT] viaide
Service system32\DRIVERS\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr
Service System32\drivers\volmgrx.sys (Treiber für Erweiterung des Volume-Managers/Microsoft Corporation) [BOOT] volmgrx
Service system32\DRIVERS\volsnap.sys (Volumeschattenkopie-Treiber/Microsoft Corporation) [BOOT] volsnap
Service system32\DRIVERS\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd) [BOOT] vsmraid
Service C:\Windows\system32\vssvc.exe (Microsoft® Volumeschattenkopie-Dienst/Microsoft Corporation) [MANUAL] VSS
Service system32\DRIVERS\vwifibus.sys (Virtueller WiFi-Bustreiber/Microsoft Corporation) [MANUAL] vwifibus
Service system32\DRIVERS\vwififlt.sys (Virtual WiFi Filter Driver/Microsoft Corporation) [SYSTEM] vwififlt
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] W32Time
Service W3SVC
Service system32\DRIVERS\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [MANUAL] WacomPen
Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] WANARP
Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6
Service C:\Windows\system32\wbengine.exe (EXE-Datei für Microsoft®-Blockebenen-Sicherungsmodul/Microsoft Corporation) [MANUAL] wbengine
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WbioSrvc
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] wcncsvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WcsPlugInService
Service system32\DRIVERS\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [BOOT] Wd
Service system32\drivers\Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) [BOOT] Wdf01000
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WdiServiceHost
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WdiSystemHost
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WebClient
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] Wecsvc
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] wercplsupport
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WerSvc
Service system32\DRIVERS\wfplwf.sys (WFP NDIS 6.20 Lightweight Filter Driver/Microsoft Corporation) [SYSTEM] WfpLwf
Service C:\Windows\system32\drivers\wimmount.sys (Wim file system Driver/Microsoft Corporation) [MANUAL] WIMMount
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WinDefend
Service Windows Workflow Foundation 3.0.0.0
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] Winmgmt
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WinRM
Service [MANUAL] Winsock
Service WinSock2
Service system32\DRIVERS\WinUsb.sys (Windows USB Class Driver BETA/Microsoft Corporation) [MANUAL] WinUsb
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] Wlansvc
Service system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [MANUAL] WmiAcpi
Service WmiApRpl
Service C:\Windows\system32\wbem\WmiApSrv.exe (Adapter für den WMI-Leistungsreverseadapter/Microsoft Corporation) [MANUAL] wmiApSrv
Service C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [AUTO] WMPNetworkSvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WPCSvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WPDBusEnum
Service system32\drivers\ws2ifsl.sys (Winsock2-IFS-Schicht/Microsoft Corporation) [SYSTEM] ws2ifsl
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] wscsvc
Service C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search-Indexerstellung/Microsoft Corporation) [AUTO] WSearch
Service WSearchIdxPi
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] wuauserv
Service system32\drivers\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf
Service system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] wudfsvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WwanSvc
Service xmlprov
Service system32\DRIVERS\yk62x64.sys (Miniport Driver for Marvell Yukon Ethernet Controller./Marvell) [MANUAL] yukonw7
Service {8DA24F72-EB71-4CC1-912A-E01DF83FDE24}
Service {BE7AC60A-6F36-452C-83E6-B7276A634670}
---- EOF - GMER 1.0.15 ----
Osam: Code:
ATTFilter OSAM Logfile: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-25 13:43:25
-----------------------------
13:43:25.264 OS Version: Windows x64 6.1.7600
13:43:25.264 Number of processors: 4 586 0x2502
13:43:25.264 ComputerName: LIZ-PC UserName: Liz
13:43:26.761 Initialize success
13:45:52.890 AVAST engine defs: 12062500
13:47:14.478 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:47:14.494 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
13:47:14.509 Disk 0 MBR read successfully
13:47:14.509 Disk 0 MBR scan
13:47:14.509 Disk 0 unknown MBR code
13:47:14.525 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
13:47:14.541 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291736 MB offset 409600
13:47:14.572 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13205 MB offset 597884928
13:47:14.587 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
13:47:14.619 Disk 0 scanning C:\Windows\system32\drivers
13:47:21.623 Service scanning
13:47:37.145 Modules scanning
13:47:37.161 Disk 0 trace - called modules:
13:47:37.707 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:47:37.707 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c18060]
13:47:37.722 3 CLASSPNP.SYS[fffff880011b943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004975050]
13:47:39.906 AVAST engine scan C:\Windows
13:47:42.948 AVAST engine scan C:\Windows\system32
13:49:55.720 AVAST engine scan C:\Windows\system32\drivers
13:50:04.971 AVAST engine scan C:\Users\Liz
14:08:37.081 AVAST engine scan C:\ProgramData
14:12:15.934 Scan finished successfully
14:14:59.485 Disk 0 MBR has been saved successfully to "C:\Users\Liz\Desktop\MBR.dat"
14:14:59.485 The log file has been saved successfully to "C:\Users\Liz\Desktop\aswMBR.txt"
|
|
| Themen zu Entfernung des Ukash Trojaners und Dateiwiederherstellung |
| abgesicherten, aktualisierung, anhang, ausführung, bräuchte, datei, eingabe, entfernung, erledigt, essen, forum, gefundenen, konnte, microsoft, modus, programm, rechner, scan, security, starte, starten, troja, trojaner, trojaner - gesperrte dateien, trojaners, ukash bka gema, windows 7 64bit home |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
