| |
| |||||||
Log-Analyse und Auswertung: "Kanadische Version" des BKA-TrojanersWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
23.06.2012, 05:42
| #1 | ||
| |  "Kanadische Version" des BKA-Trojaners Hallo! Zuerst einmal bitte ich zu verzeihen, dass ich bereits auf eigene Faust einige Versuche unternommen habe (es hat mich etwas gedautert, dieses Forum zu finden) und hoffe, dass man mir trotzdem noch helfen kann. Heute nachmittag um ca. 2 Uhr Ortszeit, ich wollte gerade nach Öffnungzeiten des örtlichen Pubs suchen, öffnete sich plötzlich die schockierende Nachricht, natürlich auf Englisch und alles sehr schön, mit kanadischer Flagge, angeblicher Videoaufzeichnung und so weiter...ich denke, ihr kennt das. Im ersten Moment war ich geschockt und habe den Laptop heruntergefahren und als ich beim Neustart kurz nach Eingabe meine Passwortes wieder diesen Bildschirm zusehen bekam, wurde mir klar, dass das nur ein Virus sein könnte. Ich bemühte mich nun, im abgesicherten Modus einen Virenscan mit Avira (keine Funde, nur Warnungen über unvollständigen Dateien im Tempoären Ordner und Papierkorb) und auf Empfehlungen verschiedener Rechercheergebnisse auch Malwarebytes über das System laufen zu lassen. Dort wurde auch tatsächlich etwas gefunden, habe aber leider alles gleich löschen lassen. Hier der Log dazu. Zitat:
Zitat:
Nach Neustart des Laptops habe ich feststellen müssen, dass dies nichts gebracht hatte. Als nächstes habe ich den abgesicherten Modus ohne Netzwerkverbindungen gestartet, gleiche Prozedur noch mal, außer erneut Warnungen bei Avira nichts mehr gefunden. Habe dann wieder neugestartet, wieder der nette Bildschirm..habe dann erneut runtergefahren, jedoch kurz nach Verschwinden des "Problems" den Taskmanager aufgerufen und dank Skype, dass man ab und an mal zum Herunterfahren zwingen muss, den Shutdown kurzfristig verhindert. Somit verschwand das einzige Symptom meines Trojaners. Als nächstes habe ich dann die Gunst der Stunde genutzt und weitere Programme gedownloadet. Trojaner Remover von Chip.de sowie SpyBot Search & Destroy. Bevor ich allerdings beide Programme durchlaufen ließ, hatte ich schon eine Systemwiederherstellung gestartet, die den Rechner neustarten musste. Hatte mich schon auf meinen Trojanerbildschirm gefreut, aber er kam nicht!! Habe jetzt eben den Trojaner Remover und SpyBot durchlaufen lassen. Ersterer hat nix gefunden, zweiterer fand heraus, dass Babylon.Toolbar (ja, das hat sich wohl irgendwie mal mitinstalliert, fiel mir aber nicht auf, da ich Firefox-User bin und babylon nur mit dem I-Explorer verknüpft ist) die einzige Bedrohung sei.Das stellt mich ehrlich gesagt nicht sehr zufrieden. Ich habe das Gefühl, ich bin nur zeitweilig dem Bösen entkommen und beim nächsten Boot erwartet mich mein Gesicht durch die Webcam neben einer Bezahlforderung wegen was-weiß-ich.  Deshalb bin ich jetzt auch hier. Ich habe die Logdateien von OTL angehängt, der defogger hat keine Fehlermeldung ausgeworfen. Vielen Dank an diejenigen, die sich die Mühe machen und mir versuchen zu helfen! Ich hoffe, ich habe nichts kaputt gemacht! Dropbox, Facebookmessenger und SpyBot scheinen aufgeführt zu sein, ist mir beim Überfliegen aufgefallen, ich bitte dies zu entschuldigen und hoffe, dass es eure Arbeit nicht beeinträchtigt! |
|
26.06.2012, 10:00
| #2 |
| /// Malwareteam    | "Kanadische Version" des BKA-Trojaners Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten. Schritt 1: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Schritt 2: aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
__________________ |
|
26.06.2012, 20:18
| #3 |
| | "Kanadische Version" des BKA-Trojaners Danke, dass du dich meiner annimmst und mir versuchst, zu helfen!
__________________ Ich habe die Anweisungen befolgt. Schritt 1 ergab folgenden Log: Code:
ATTFilter 20:05:42.0392 5752 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
20:05:43.0418 5752 ============================================================
20:05:43.0418 5752 Current date / time: 2012/06/26 20:05:43.0418
20:05:43.0418 5752 SystemInfo:
20:05:43.0419 5752
20:05:43.0419 5752 OS Version: 6.1.7601 ServicePack: 1.0
20:05:43.0419 5752 Product type: Workstation
20:05:43.0419 5752 ComputerName: VANIS-LAPTOP
20:05:43.0419 5752 UserName: Vani
20:05:43.0419 5752 Windows directory: C:\Windows
20:05:43.0419 5752 System windows directory: C:\Windows
20:05:43.0419 5752 Running under WOW64
20:05:43.0419 5752 Processor architecture: Intel x64
20:05:43.0419 5752 Number of processors: 4
20:05:43.0419 5752 Page size: 0x1000
20:05:43.0419 5752 Boot type: Normal boot
20:05:43.0419 5752 ============================================================
20:05:44.0070 5752 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:05:44.0077 5752 ============================================================
20:05:44.0077 5752 \Device\Harddisk0\DR0:
20:05:44.0078 5752 MBR partitions:
20:05:44.0093 5752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x424000, BlocksNum 0x37A44000
20:05:44.0126 5752 ============================================================
20:05:44.0158 5752 C: <-> \Device\Harddisk0\DR0\Partition0
20:05:44.0158 5752 ============================================================
20:05:44.0158 5752 Initialize success
20:05:44.0158 5752 ============================================================
20:05:49.0600 5764 ============================================================
20:05:49.0600 5764 Scan started
20:05:49.0600 5764 Mode: Manual; TDLFS;
20:05:49.0600 5764 ============================================================
20:05:50.0000 5764 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:05:50.0004 5764 1394ohci - ok
20:05:50.0087 5764 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:05:50.0093 5764 ACPI - ok
20:05:50.0136 5764 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:05:50.0137 5764 AcpiPmi - ok
20:05:50.0272 5764 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:05:50.0280 5764 adp94xx - ok
20:05:50.0339 5764 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:05:50.0345 5764 adpahci - ok
20:05:50.0391 5764 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:05:50.0396 5764 adpu320 - ok
20:05:50.0433 5764 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:05:50.0435 5764 AeLookupSvc - ok
20:05:50.0532 5764 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:05:50.0541 5764 AFD - ok
20:05:50.0617 5764 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:05:50.0619 5764 agp440 - ok
20:05:50.0651 5764 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:05:50.0653 5764 ALG - ok
20:05:50.0713 5764 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:05:50.0714 5764 aliide - ok
20:05:50.0740 5764 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:05:50.0741 5764 amdide - ok
20:05:50.0809 5764 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:05:50.0811 5764 AmdK8 - ok
20:05:50.0827 5764 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:05:50.0831 5764 AmdPPM - ok
20:05:50.0900 5764 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:05:50.0903 5764 amdsata - ok
20:05:50.0943 5764 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:05:50.0948 5764 amdsbs - ok
20:05:50.0972 5764 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:05:50.0974 5764 amdxata - ok
20:05:51.0085 5764 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:05:51.0088 5764 AntiVirSchedulerService - ok
20:05:51.0168 5764 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:05:51.0171 5764 AntiVirService - ok
20:05:51.0231 5764 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:05:51.0232 5764 AppID - ok
20:05:51.0268 5764 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:05:51.0271 5764 AppIDSvc - ok
20:05:51.0301 5764 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:05:51.0304 5764 Appinfo - ok
20:05:51.0398 5764 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:05:51.0400 5764 Apple Mobile Device - ok
20:05:51.0483 5764 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:05:51.0488 5764 AppMgmt - ok
20:05:51.0547 5764 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:05:51.0549 5764 arc - ok
20:05:51.0580 5764 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:05:51.0584 5764 arcsas - ok
20:05:51.0710 5764 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:05:51.0712 5764 aspnet_state - ok
20:05:51.0765 5764 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:05:51.0768 5764 AsyncMac - ok
20:05:51.0816 5764 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:05:51.0818 5764 atapi - ok
20:05:51.0933 5764 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:05:51.0949 5764 AudioEndpointBuilder - ok
20:05:51.0982 5764 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:05:51.0997 5764 AudioSrv - ok
20:05:52.0063 5764 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
20:05:52.0065 5764 avgntflt - ok
20:05:52.0132 5764 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
20:05:52.0136 5764 avipbb - ok
20:05:52.0181 5764 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:05:52.0183 5764 avkmgr - ok
20:05:52.0248 5764 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:05:52.0250 5764 AxInstSV - ok
20:05:52.0361 5764 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:05:52.0368 5764 b06bdrv - ok
20:05:52.0442 5764 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:05:52.0449 5764 b57nd60a - ok
20:05:52.0515 5764 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:05:52.0518 5764 BDESVC - ok
20:05:52.0538 5764 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:05:52.0539 5764 Beep - ok
20:05:52.0629 5764 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:05:52.0643 5764 BFE - ok
20:05:52.0708 5764 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:05:52.0724 5764 BITS - ok
20:05:52.0786 5764 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
20:05:52.0788 5764 blbdrive - ok
20:05:52.0963 5764 Bluetooth Device Monitor (093b1b419ef25b15d3a1ca6953f41afb) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
20:05:52.0976 5764 Bluetooth Device Monitor - ok
20:05:53.0057 5764 Bluetooth Media Service (03a7341e94acd92e0831336d4f3ace92) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
20:05:53.0077 5764 Bluetooth Media Service - ok
20:05:53.0197 5764 Bluetooth OBEX Service (a2ebf384ed105fed7d05c5465500ef2e) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
20:05:53.0219 5764 Bluetooth OBEX Service - ok
20:05:53.0352 5764 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:05:53.0354 5764 bowser - ok
20:05:53.0407 5764 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:05:53.0408 5764 BrFiltLo - ok
20:05:53.0442 5764 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:05:53.0443 5764 BrFiltUp - ok
20:05:53.0493 5764 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:05:53.0497 5764 Browser - ok
20:05:53.0539 5764 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:05:53.0545 5764 Brserid - ok
20:05:53.0585 5764 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:05:53.0587 5764 BrSerWdm - ok
20:05:53.0617 5764 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:05:53.0618 5764 BrUsbMdm - ok
20:05:53.0687 5764 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:05:53.0688 5764 BrUsbSer - ok
20:05:53.0749 5764 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:05:53.0751 5764 BthEnum - ok
20:05:53.0805 5764 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:05:53.0807 5764 BTHMODEM - ok
20:05:53.0846 5764 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:05:53.0849 5764 BthPan - ok
20:05:53.0891 5764 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
20:05:53.0901 5764 BTHPORT - ok
20:05:53.0959 5764 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:05:53.0961 5764 bthserv - ok
20:05:54.0013 5764 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
20:05:54.0016 5764 BTHUSB - ok
20:05:54.0061 5764 btmaux (16c1bac9760c9fa85a30f3fa0fbb1b7a) C:\Windows\system32\DRIVERS\btmaux.sys
20:05:54.0063 5764 btmaux - ok
20:05:54.0100 5764 btmhsf (0c468d8da95be16bfdd380bb9de88259) C:\Windows\system32\DRIVERS\btmhsf.sys
20:05:54.0105 5764 btmhsf - ok
20:05:54.0163 5764 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:05:54.0166 5764 cdfs - ok
20:05:54.0237 5764 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:05:54.0241 5764 cdrom - ok
20:05:54.0313 5764 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:05:54.0316 5764 CertPropSvc - ok
20:05:54.0371 5764 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:05:54.0372 5764 circlass - ok
20:05:54.0416 5764 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:05:54.0423 5764 CLFS - ok
20:05:54.0474 5764 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:05:54.0476 5764 clr_optimization_v2.0.50727_32 - ok
20:05:54.0521 5764 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:05:54.0523 5764 clr_optimization_v2.0.50727_64 - ok
20:05:54.0602 5764 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:05:54.0605 5764 clr_optimization_v4.0.30319_32 - ok
20:05:54.0644 5764 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:05:54.0648 5764 clr_optimization_v4.0.30319_64 - ok
20:05:54.0717 5764 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:05:54.0719 5764 CmBatt - ok
20:05:54.0748 5764 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:05:54.0749 5764 cmdide - ok
20:05:54.0803 5764 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:05:54.0811 5764 CNG - ok
20:05:54.0863 5764 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:05:54.0864 5764 Compbatt - ok
20:05:54.0923 5764 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:05:54.0924 5764 CompositeBus - ok
20:05:54.0957 5764 COMSysApp - ok
20:05:55.0004 5764 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:05:55.0006 5764 crcdisk - ok
20:05:55.0073 5764 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:05:55.0078 5764 CryptSvc - ok
20:05:55.0168 5764 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:05:55.0178 5764 CSC - ok
20:05:55.0263 5764 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:05:55.0279 5764 CscService - ok
20:05:55.0452 5764 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:05:55.0465 5764 cvhsvc - ok
20:05:55.0597 5764 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:05:55.0609 5764 DcomLaunch - ok
20:05:55.0684 5764 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:05:55.0690 5764 defragsvc - ok
20:05:55.0762 5764 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:05:55.0764 5764 DfsC - ok
20:05:55.0848 5764 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:05:55.0855 5764 Dhcp - ok
20:05:55.0923 5764 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:05:55.0924 5764 discache - ok
20:05:55.0971 5764 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:05:55.0973 5764 Disk - ok
20:05:56.0073 5764 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
20:05:56.0074 5764 dmvsc - ok
20:05:56.0132 5764 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:05:56.0136 5764 Dnscache - ok
20:05:56.0215 5764 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:05:56.0221 5764 dot3svc - ok
20:05:56.0244 5764 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:05:56.0249 5764 DPS - ok
20:05:56.0302 5764 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:05:56.0303 5764 drmkaud - ok
20:05:56.0400 5764 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:05:56.0416 5764 DXGKrnl - ok
20:05:56.0482 5764 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:05:56.0487 5764 EapHost - ok
20:05:56.0672 5764 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:05:56.0728 5764 ebdrv - ok
20:05:56.0828 5764 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:05:56.0832 5764 EFS - ok
20:05:56.0918 5764 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:05:56.0931 5764 ehRecvr - ok
20:05:56.0952 5764 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:05:56.0955 5764 ehSched - ok
20:05:57.0030 5764 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:05:57.0039 5764 elxstor - ok
20:05:57.0071 5764 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:05:57.0072 5764 ErrDev - ok
20:05:57.0152 5764 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:05:57.0160 5764 EventSystem - ok
20:05:57.0341 5764 EvtEng (7ee9f35bc1dd0ce1a4976032f9ac5162) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:05:57.0364 5764 EvtEng - ok
20:05:57.0487 5764 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:05:57.0490 5764 exfat - ok
20:05:57.0519 5764 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:05:57.0524 5764 fastfat - ok
20:05:57.0617 5764 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:05:57.0630 5764 Fax - ok
20:05:57.0667 5764 FBIOSDRV (9955bf48fd2fa8d481848cd3024edd0b) C:\Windows\system32\Drivers\FBIOSDRV.sys
20:05:57.0669 5764 FBIOSDRV - ok
20:05:57.0718 5764 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:05:57.0719 5764 fdc - ok
20:05:57.0739 5764 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:05:57.0741 5764 fdPHost - ok
20:05:57.0765 5764 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:05:57.0768 5764 FDResPub - ok
20:05:57.0792 5764 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:05:57.0795 5764 FileInfo - ok
20:05:57.0823 5764 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:05:57.0824 5764 Filetrace - ok
20:05:57.0861 5764 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:05:57.0863 5764 flpydisk - ok
20:05:57.0947 5764 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:05:57.0953 5764 FltMgr - ok
20:05:58.0034 5764 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:05:58.0057 5764 FontCache - ok
20:05:58.0118 5764 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:05:58.0120 5764 FontCache3.0.0.0 - ok
20:05:58.0149 5764 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:05:58.0151 5764 FsDepends - ok
20:05:58.0189 5764 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:05:58.0191 5764 Fs_Rec - ok
20:05:58.0275 5764 FUJ02B1 (ba0c1ffda496d8bcbcac63f8d98d20e3) C:\Windows\system32\DRIVERS\FUJ02B1.sys
20:05:58.0276 5764 FUJ02B1 - ok
20:05:58.0339 5764 FUJ02E3 (7135030cbf87d724b6037bb023923730) C:\Windows\system32\drivers\FUJ02E3.sys
20:05:58.0340 5764 FUJ02E3 - ok
20:05:58.0400 5764 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:05:58.0404 5764 fvevol - ok
20:05:58.0440 5764 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:05:58.0442 5764 gagp30kx - ok
20:05:58.0552 5764 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:05:58.0554 5764 GEARAspiWDM - ok
20:05:58.0630 5764 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:05:58.0648 5764 gpsvc - ok
20:05:58.0772 5764 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:05:58.0775 5764 gupdate - ok
20:05:58.0801 5764 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:05:58.0804 5764 gupdatem - ok
20:05:58.0845 5764 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:05:58.0848 5764 hcw85cir - ok
20:05:58.0905 5764 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:05:58.0911 5764 HdAudAddService - ok
20:05:58.0979 5764 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:05:58.0981 5764 HDAudBus - ok
20:05:59.0029 5764 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:05:59.0031 5764 HidBatt - ok
20:05:59.0053 5764 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:05:59.0056 5764 HidBth - ok
20:05:59.0073 5764 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:05:59.0075 5764 HidIr - ok
20:05:59.0103 5764 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:05:59.0105 5764 hidserv - ok
20:05:59.0205 5764 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:05:59.0208 5764 HidUsb - ok
20:05:59.0266 5764 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:05:59.0273 5764 hkmsvc - ok
20:05:59.0332 5764 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:05:59.0340 5764 HomeGroupListener - ok
20:05:59.0415 5764 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:05:59.0420 5764 HomeGroupProvider - ok
20:05:59.0485 5764 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:05:59.0486 5764 HpSAMD - ok
20:05:59.0547 5764 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:05:59.0557 5764 HTTP - ok
20:05:59.0578 5764 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:05:59.0579 5764 hwpolicy - ok
20:05:59.0659 5764 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:05:59.0661 5764 i8042prt - ok
20:05:59.0732 5764 iaStor (53cc5bf8b5a219119953c7abb19a7705) C:\Windows\system32\drivers\iaStor.sys
20:05:59.0739 5764 iaStor - ok
20:05:59.0822 5764 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:05:59.0828 5764 iaStorV - ok
20:05:59.0888 5764 iBtFltCoex (fc85972037815fa7b413e790b426acb2) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
20:05:59.0890 5764 iBtFltCoex - ok
20:06:00.0010 5764 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:06:00.0026 5764 idsvc - ok
20:06:00.0754 5764 igfx (6383899c5f964d71b0f96b81fbe59bb8) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:06:00.0934 5764 igfx - ok
20:06:01.0130 5764 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:06:01.0131 5764 iirsp - ok
20:06:01.0224 5764 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:06:01.0241 5764 IKEEXT - ok
20:06:01.0341 5764 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys
20:06:01.0342 5764 intaud_WaveExtensible - ok
20:06:01.0586 5764 IntcAzAudAddService (d492d3b5a8ddde1d6621a8c53855eabf) C:\Windows\system32\drivers\RTKVHD64.sys
20:06:01.0642 5764 IntcAzAudAddService - ok
20:06:01.0805 5764 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:06:01.0813 5764 IntcDAud - ok
20:06:01.0839 5764 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:06:01.0841 5764 intelide - ok
20:06:01.0891 5764 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:06:01.0893 5764 intelppm - ok
20:06:01.0949 5764 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:06:01.0955 5764 IPBusEnum - ok
20:06:02.0002 5764 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:06:02.0012 5764 IpFilterDriver - ok
20:06:02.0076 5764 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:06:02.0088 5764 iphlpsvc - ok
20:06:02.0122 5764 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:06:02.0124 5764 IPMIDRV - ok
20:06:02.0143 5764 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:06:02.0146 5764 IPNAT - ok
20:06:02.0324 5764 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
20:06:02.0342 5764 iPod Service - ok
20:06:02.0392 5764 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:06:02.0393 5764 IRENUM - ok
20:06:02.0459 5764 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:06:02.0461 5764 isapnp - ok
20:06:02.0501 5764 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:06:02.0505 5764 iScsiPrt - ok
20:06:02.0558 5764 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\DRIVERS\iwdbus.sys
20:06:02.0559 5764 iwdbus - ok
20:06:02.0615 5764 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:06:02.0616 5764 kbdclass - ok
20:06:02.0693 5764 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:06:02.0694 5764 kbdhid - ok
20:06:02.0729 5764 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:06:02.0733 5764 KeyIso - ok
20:06:02.0764 5764 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:06:02.0766 5764 KSecDD - ok
20:06:02.0796 5764 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:06:02.0799 5764 KSecPkg - ok
20:06:02.0865 5764 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:06:02.0866 5764 ksthunk - ok
20:06:02.0897 5764 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:06:02.0904 5764 KtmRm - ok
20:06:02.0995 5764 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:06:03.0001 5764 LanmanServer - ok
20:06:03.0026 5764 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:06:03.0031 5764 LanmanWorkstation - ok
20:06:03.0082 5764 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:06:03.0083 5764 lltdio - ok
20:06:03.0124 5764 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:06:03.0131 5764 lltdsvc - ok
20:06:03.0154 5764 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:06:03.0157 5764 lmhosts - ok
20:06:03.0287 5764 LMS (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:06:03.0295 5764 LMS - ok
20:06:03.0338 5764 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:06:03.0341 5764 LSI_FC - ok
20:06:03.0377 5764 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:06:03.0379 5764 LSI_SAS - ok
20:06:03.0410 5764 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:06:03.0412 5764 LSI_SAS2 - ok
20:06:03.0470 5764 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:06:03.0472 5764 LSI_SCSI - ok
20:06:03.0494 5764 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:06:03.0498 5764 luafv - ok
20:06:03.0542 5764 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:06:03.0547 5764 Mcx2Svc - ok
20:06:03.0584 5764 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:06:03.0585 5764 megasas - ok
20:06:03.0660 5764 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:06:03.0666 5764 MegaSR - ok
20:06:03.0724 5764 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:06:03.0726 5764 MEIx64 - ok
20:06:03.0753 5764 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:06:03.0757 5764 MMCSS - ok
20:06:03.0788 5764 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:06:03.0793 5764 Modem - ok
20:06:03.0842 5764 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:06:03.0844 5764 monitor - ok
20:06:03.0915 5764 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:06:03.0918 5764 mouclass - ok
20:06:03.0977 5764 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:06:03.0979 5764 mouhid - ok
20:06:04.0018 5764 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:06:04.0020 5764 mountmgr - ok
20:06:04.0153 5764 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:06:04.0155 5764 MozillaMaintenance - ok
20:06:04.0209 5764 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:06:04.0212 5764 mpio - ok
20:06:04.0241 5764 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:06:04.0243 5764 mpsdrv - ok
20:06:04.0350 5764 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:06:04.0365 5764 MpsSvc - ok
20:06:04.0381 5764 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:06:04.0384 5764 MRxDAV - ok
20:06:04.0421 5764 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:06:04.0424 5764 mrxsmb - ok
20:06:04.0467 5764 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:06:04.0475 5764 mrxsmb10 - ok
20:06:04.0503 5764 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:06:04.0506 5764 mrxsmb20 - ok
20:06:04.0540 5764 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:06:04.0542 5764 msahci - ok
20:06:04.0582 5764 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:06:04.0587 5764 msdsm - ok
20:06:04.0622 5764 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:06:04.0628 5764 MSDTC - ok
20:06:04.0681 5764 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:06:04.0683 5764 Msfs - ok
20:06:04.0736 5764 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:06:04.0737 5764 mshidkmdf - ok
20:06:04.0760 5764 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:06:04.0761 5764 msisadrv - ok
20:06:04.0788 5764 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:06:04.0793 5764 MSiSCSI - ok
20:06:04.0799 5764 msiserver - ok
20:06:04.0843 5764 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:06:04.0844 5764 MSKSSRV - ok
20:06:04.0888 5764 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:06:04.0889 5764 MSPCLOCK - ok
20:06:04.0895 5764 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:06:04.0896 5764 MSPQM - ok
20:06:04.0931 5764 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:06:04.0937 5764 MsRPC - ok
20:06:04.0974 5764 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:06:04.0977 5764 mssmbios - ok
20:06:05.0026 5764 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:06:05.0027 5764 MSTEE - ok
20:06:05.0052 5764 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:06:05.0054 5764 MTConfig - ok
20:06:05.0073 5764 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:06:05.0076 5764 Mup - ok
20:06:05.0198 5764 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:06:05.0204 5764 MyWiFiDHCPDNS - ok
20:06:05.0269 5764 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:06:05.0280 5764 napagent - ok
20:06:05.0355 5764 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:06:05.0361 5764 NativeWifiP - ok
20:06:05.0480 5764 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
20:06:05.0499 5764 NDIS - ok
20:06:05.0570 5764 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:06:05.0572 5764 NdisCap - ok
20:06:05.0608 5764 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:06:05.0610 5764 NdisTapi - ok
20:06:05.0633 5764 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:06:05.0635 5764 Ndisuio - ok
20:06:05.0670 5764 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:06:05.0673 5764 NdisWan - ok
20:06:05.0699 5764 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:06:05.0701 5764 NDProxy - ok
20:06:05.0756 5764 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:06:05.0758 5764 NetBIOS - ok
20:06:05.0803 5764 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:06:05.0810 5764 NetBT - ok
20:06:05.0851 5764 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:06:05.0854 5764 Netlogon - ok
20:06:05.0938 5764 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:06:05.0951 5764 Netman - ok
20:06:06.0054 5764 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:06:06.0058 5764 NetMsmqActivator - ok
20:06:06.0080 5764 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:06:06.0083 5764 NetPipeActivator - ok
20:06:06.0152 5764 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:06:06.0162 5764 netprofm - ok
20:06:06.0171 5764 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:06:06.0174 5764 NetTcpActivator - ok
20:06:06.0196 5764 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:06:06.0201 5764 NetTcpPortSharing - ok
20:06:06.0679 5764 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
20:06:06.0826 5764 NETwNs64 - ok
20:06:06.0957 5764 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:06:06.0959 5764 nfrd960 - ok
20:06:07.0025 5764 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:06:07.0033 5764 NlaSvc - ok
20:06:07.0057 5764 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:06:07.0058 5764 Npfs - ok
20:06:07.0068 5764 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:06:07.0073 5764 nsi - ok
20:06:07.0095 5764 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:06:07.0097 5764 nsiproxy - ok
20:06:07.0233 5764 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:06:07.0260 5764 Ntfs - ok
20:06:07.0368 5764 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:06:07.0369 5764 Null - ok
20:06:07.0413 5764 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:06:07.0417 5764 nvraid - ok
20:06:07.0448 5764 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:06:07.0454 5764 nvstor - ok
20:06:07.0491 5764 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:06:07.0494 5764 nv_agp - ok
20:06:07.0533 5764 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:06:07.0536 5764 ohci1394 - ok
20:06:07.0611 5764 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:06:07.0614 5764 ose - ok
20:06:07.0932 5764 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:06:08.0043 5764 osppsvc - ok
20:06:08.0159 5764 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:06:08.0173 5764 p2pimsvc - ok
20:06:08.0226 5764 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:06:08.0235 5764 p2psvc - ok
20:06:08.0288 5764 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
20:06:08.0290 5764 Parport - ok
20:06:08.0334 5764 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:06:08.0336 5764 partmgr - ok
20:06:08.0381 5764 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:06:08.0387 5764 PcaSvc - ok
20:06:08.0411 5764 pci (b26e102e0f54773119b162f56c9dd994) C:\Windows\system32\drivers\pci.sys
20:06:08.0415 5764 pci - ok
20:06:08.0451 5764 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:06:08.0453 5764 pciide - ok
20:06:08.0491 5764 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:06:08.0496 5764 pcmcia - ok
20:06:08.0516 5764 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:06:08.0518 5764 pcw - ok
20:06:08.0570 5764 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:06:08.0581 5764 PEAUTH - ok
20:06:08.0722 5764 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:06:08.0747 5764 PeerDistSvc - ok
20:06:08.0817 5764 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:06:08.0820 5764 PerfHost - ok
20:06:08.0987 5764 PFNService (6ce8bb00a615a4f3fa2f36fdb2ef4efa) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
20:06:08.0995 5764 PFNService - ok
20:06:09.0170 5764 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:06:09.0202 5764 pla - ok
20:06:09.0294 5764 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:06:09.0304 5764 PlugPlay - ok
20:06:09.0339 5764 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:06:09.0343 5764 PNRPAutoReg - ok
20:06:09.0395 5764 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:06:09.0404 5764 PNRPsvc - ok
20:06:09.0468 5764 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:06:09.0478 5764 PolicyAgent - ok
20:06:09.0519 5764 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
20:06:09.0528 5764 Power - ok
20:06:09.0616 5764 PowerSavingUtilityService (76ff4836efa78dbf3f39f612d88ca7e7) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
20:06:09.0618 5764 PowerSavingUtilityService - ok
20:06:09.0700 5764 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:06:09.0703 5764 PptpMiniport - ok
20:06:09.0736 5764 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:06:09.0739 5764 Processor - ok
20:06:09.0787 5764 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:06:09.0794 5764 ProfSvc - ok
20:06:09.0841 5764 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:06:09.0844 5764 ProtectedStorage - ok
20:06:09.0911 5764 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:06:09.0915 5764 Psched - ok
20:06:10.0043 5764 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:06:10.0068 5764 ql2300 - ok
20:06:10.0178 5764 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:06:10.0181 5764 ql40xx - ok
20:06:10.0238 5764 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:06:10.0245 5764 QWAVE - ok
20:06:10.0284 5764 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:06:10.0286 5764 QWAVEdrv - ok
20:06:10.0300 5764 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:06:10.0302 5764 RasAcd - ok
20:06:10.0368 5764 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:06:10.0370 5764 RasAgileVpn - ok
20:06:10.0394 5764 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:06:10.0399 5764 RasAuto - ok
20:06:10.0418 5764 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:06:10.0421 5764 Rasl2tp - ok
20:06:10.0465 5764 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:06:10.0477 5764 RasMan - ok
20:06:10.0522 5764 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:06:10.0525 5764 RasPppoe - ok
20:06:10.0552 5764 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:06:10.0554 5764 RasSstp - ok
20:06:10.0597 5764 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:06:10.0604 5764 rdbss - ok
20:06:10.0650 5764 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:06:10.0651 5764 rdpbus - ok
20:06:10.0671 5764 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:06:10.0673 5764 RDPCDD - ok
20:06:10.0727 5764 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:06:10.0731 5764 RDPDR - ok
20:06:10.0773 5764 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:06:10.0775 5764 RDPENCDD - ok
20:06:10.0803 5764 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:06:10.0804 5764 RDPREFMP - ok
20:06:10.0866 5764 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:06:10.0871 5764 RDPWD - ok
20:06:10.0902 5764 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:06:10.0906 5764 rdyboost - ok
20:06:11.0039 5764 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:06:11.0053 5764 RegSrvc - ok
20:06:11.0098 5764 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:06:11.0103 5764 RemoteAccess - ok
20:06:11.0143 5764 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:06:11.0150 5764 RemoteRegistry - ok
20:06:11.0245 5764 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:06:11.0253 5764 RFCOMM - ok
20:06:11.0302 5764 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:06:11.0307 5764 RpcEptMapper - ok
20:06:11.0328 5764 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:06:11.0332 5764 RpcLocator - ok
20:06:11.0395 5764 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:06:11.0409 5764 RpcSs - ok
20:06:11.0447 5764 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:06:11.0450 5764 rspndr - ok
20:06:11.0525 5764 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\System32\Drivers\RtsUStor.sys
20:06:11.0531 5764 RSUSBSTOR - ok
20:06:11.0584 5764 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:06:11.0592 5764 RTL8167 - ok
20:06:11.0653 5764 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:06:11.0655 5764 s3cap - ok
20:06:11.0685 5764 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:06:11.0688 5764 SamSs - ok
20:06:11.0729 5764 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:06:11.0732 5764 sbp2port - ok
20:06:11.0901 5764 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:06:11.0920 5764 SBSDWSCService - ok
20:06:11.0968 5764 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:06:11.0974 5764 SCardSvr - ok
20:06:12.0013 5764 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:06:12.0014 5764 scfilter - ok
20:06:12.0097 5764 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:06:12.0118 5764 Schedule - ok
20:06:12.0149 5764 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:06:12.0152 5764 SCPolicySvc - ok
20:06:12.0194 5764 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:06:12.0201 5764 SDRSVC - ok
20:06:12.0279 5764 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:06:12.0280 5764 secdrv - ok
20:06:12.0308 5764 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:06:12.0313 5764 seclogon - ok
20:06:12.0357 5764 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:06:12.0362 5764 SENS - ok
20:06:12.0411 5764 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:06:12.0416 5764 SensrSvc - ok
20:06:12.0475 5764 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:06:12.0477 5764 Serenum - ok
20:06:12.0545 5764 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:06:12.0548 5764 Serial - ok
20:06:12.0591 5764 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:06:12.0592 5764 sermouse - ok
20:06:12.0657 5764 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:06:12.0664 5764 SessionEnv - ok
20:06:12.0698 5764 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:06:12.0699 5764 sffdisk - ok
20:06:12.0722 5764 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:06:12.0723 5764 sffp_mmc - ok
20:06:12.0744 5764 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:06:12.0745 5764 sffp_sd - ok
20:06:12.0777 5764 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:06:12.0778 5764 sfloppy - ok
20:06:12.0880 5764 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
20:06:12.0889 5764 Sftfs - ok
20:06:12.0990 5764 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:06:12.0997 5764 sftlist - ok
20:06:13.0020 5764 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:06:13.0024 5764 Sftplay - ok
20:06:13.0062 5764 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:06:13.0064 5764 Sftredir - ok
20:06:13.0088 5764 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
20:06:13.0089 5764 Sftvol - ok
20:06:13.0135 5764 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:06:13.0138 5764 sftvsa - ok
20:06:13.0180 5764 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:06:13.0189 5764 SharedAccess - ok
20:06:13.0237 5764 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:06:13.0247 5764 ShellHWDetection - ok
20:06:13.0276 5764 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:06:13.0278 5764 SiSRaid2 - ok
20:06:13.0313 5764 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:06:13.0315 5764 SiSRaid4 - ok
20:06:13.0402 5764 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:06:13.0405 5764 SkypeUpdate - ok
20:06:13.0438 5764 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:06:13.0441 5764 Smb - ok
20:06:13.0521 5764 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:06:13.0526 5764 SNMPTRAP - ok
20:06:13.0675 5764 SNP2UVC (9cd1c53490eb5601870a69a8e40f7b12) C:\Windows\system32\DRIVERS\snp2uvc.sys
20:06:13.0711 5764 SNP2UVC - ok
20:06:13.0837 5764 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:06:13.0840 5764 spldr - ok
20:06:13.0896 5764 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:06:13.0909 5764 Spooler - ok
20:06:14.0169 5764 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:06:14.0218 5764 sppsvc - ok
20:06:14.0315 5764 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:06:14.0319 5764 sppuinotify - ok
20:06:14.0390 5764 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:06:14.0396 5764 srv - ok
20:06:14.0440 5764 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:06:14.0450 5764 srv2 - ok
20:06:14.0481 5764 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:06:14.0484 5764 srvnet - ok
20:06:14.0557 5764 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:06:14.0564 5764 SSDPSRV - ok
20:06:14.0605 5764 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:06:14.0611 5764 SstpSvc - ok
20:06:14.0644 5764 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:06:14.0645 5764 stexstor - ok
20:06:14.0708 5764 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
20:06:14.0709 5764 StillCam - ok
20:06:14.0784 5764 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:06:14.0795 5764 stisvc - ok
20:06:14.0864 5764 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:06:14.0865 5764 storflt - ok
20:06:14.0901 5764 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:06:14.0909 5764 StorSvc - ok
20:06:14.0960 5764 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:06:14.0961 5764 storvsc - ok
20:06:14.0991 5764 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:06:14.0993 5764 swenum - ok
20:06:15.0045 5764 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:06:15.0056 5764 swprv - ok
20:06:15.0129 5764 SynTP (3c08fb2829a5304825f974b1631dedfa) C:\Windows\system32\DRIVERS\SynTP.sys
20:06:15.0134 5764 SynTP - ok
20:06:15.0234 5764 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:06:15.0260 5764 SysMain - ok
20:06:15.0377 5764 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:06:15.0385 5764 TabletInputService - ok
20:06:15.0426 5764 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:06:15.0433 5764 TapiSrv - ok
20:06:15.0458 5764 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:06:15.0465 5764 TBS - ok
20:06:15.0642 5764 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:06:15.0670 5764 Tcpip - ok
20:06:15.0883 5764 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:06:15.0922 5764 TCPIP6 - ok
20:06:16.0064 5764 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:06:16.0066 5764 tcpipreg - ok
20:06:16.0103 5764 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:06:16.0105 5764 TDPIPE - ok
20:06:16.0151 5764 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:06:16.0153 5764 TDTCP - ok
20:06:16.0192 5764 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:06:16.0195 5764 tdx - ok
20:06:16.0231 5764 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:06:16.0233 5764 TermDD - ok
20:06:16.0318 5764 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:06:16.0337 5764 TermService - ok
20:06:16.0357 5764 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:06:16.0362 5764 Themes - ok
20:06:16.0390 5764 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:06:16.0394 5764 THREADORDER - ok
20:06:16.0428 5764 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:06:16.0434 5764 TrkWks - ok
20:06:16.0503 5764 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:06:16.0507 5764 TrustedInstaller - ok
20:06:16.0552 5764 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:06:16.0555 5764 tssecsrv - ok
20:06:16.0599 5764 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:06:16.0601 5764 TsUsbFlt - ok
20:06:16.0640 5764 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:06:16.0642 5764 TsUsbGD - ok
20:06:16.0697 5764 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:06:16.0701 5764 tunnel - ok
20:06:16.0734 5764 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:06:16.0736 5764 uagp35 - ok
20:06:16.0768 5764 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:06:16.0776 5764 udfs - ok
20:06:16.0827 5764 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:06:16.0831 5764 UI0Detect - ok
20:06:16.0869 5764 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:06:16.0871 5764 uliagpkx - ok
20:06:16.0909 5764 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:06:16.0911 5764 umbus - ok
20:06:16.0937 5764 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:06:16.0939 5764 UmPass - ok
20:06:17.0012 5764 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:06:17.0020 5764 UmRdpService - ok
20:06:17.0287 5764 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:06:17.0354 5764 UNS - ok
20:06:17.0481 5764 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:06:17.0491 5764 upnphost - ok
20:06:17.0570 5764 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:06:17.0571 5764 USBAAPL64 - ok
20:06:17.0614 5764 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
20:06:17.0618 5764 usbccgp - ok
20:06:17.0679 5764 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:06:17.0682 5764 usbcir - ok
20:06:17.0712 5764 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:06:17.0714 5764 usbehci - ok
20:06:17.0782 5764 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:06:17.0789 5764 usbhub - ok
20:06:17.0804 5764 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
20:06:17.0806 5764 usbohci - ok
20:06:17.0843 5764 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
20:06:17.0847 5764 usbprint - ok
20:06:17.0877 5764 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:06:17.0880 5764 USBSTOR - ok
20:06:17.0924 5764 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
20:06:17.0927 5764 usbuhci - ok
20:06:18.0025 5764 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:06:18.0029 5764 usbvideo - ok
20:06:18.0066 5764 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:06:18.0070 5764 UxSms - ok
20:06:18.0108 5764 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:06:18.0112 5764 VaultSvc - ok
20:06:18.0147 5764 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:06:18.0148 5764 vdrvroot - ok
20:06:18.0196 5764 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:06:18.0210 5764 vds - ok
20:06:18.0263 5764 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:06:18.0265 5764 vga - ok
20:06:18.0291 5764 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:06:18.0293 5764 VgaSave - ok
20:06:18.0346 5764 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:06:18.0350 5764 vhdmp - ok
20:06:18.0388 5764 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:06:18.0389 5764 viaide - ok
20:06:18.0465 5764 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:06:18.0469 5764 vmbus - ok
20:06:18.0503 5764 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:06:18.0504 5764 VMBusHID - ok
20:06:18.0539 5764 volmgr (071e1b172d49154ee1d23a2acc472efb) C:\Windows\system32\drivers\volmgr.sys
20:06:18.0541 5764 volmgr - ok
20:06:18.0589 5764 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:06:18.0599 5764 volmgrx - ok
20:06:18.0659 5764 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
20:06:18.0665 5764 volsnap - ok
20:06:18.0685 5764 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:06:18.0689 5764 vsmraid - ok
20:06:18.0811 5764 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:06:18.0854 5764 VSS - ok
20:06:18.0959 5764 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:06:18.0961 5764 vwifibus - ok
20:06:18.0996 5764 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:06:18.0999 5764 vwififlt - ok
20:06:19.0044 5764 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:06:19.0046 5764 vwifimp - ok
20:06:19.0100 5764 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:06:19.0119 5764 W32Time - ok
20:06:19.0163 5764 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:06:19.0166 5764 WacomPen - ok
20:06:19.0224 5764 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:06:19.0228 5764 WANARP - ok
20:06:19.0244 5764 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:06:19.0247 5764 Wanarpv6 - ok
20:06:19.0384 5764 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:06:19.0406 5764 WatAdminSvc - ok
20:06:19.0521 5764 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:06:19.0550 5764 wbengine - ok
20:06:19.0667 5764 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:06:19.0677 5764 WbioSrvc - ok
20:06:19.0720 5764 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:06:19.0731 5764 wcncsvc - ok
20:06:19.0750 5764 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:06:19.0755 5764 WcsPlugInService - ok
20:06:19.0803 5764 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:06:19.0805 5764 Wd - ok
20:06:19.0867 5764 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:06:19.0878 5764 Wdf01000 - ok
20:06:19.0929 5764 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:06:19.0938 5764 WdiServiceHost - ok
20:06:19.0958 5764 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:06:19.0965 5764 WdiSystemHost - ok
20:06:19.0997 5764 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:06:20.0006 5764 WebClient - ok
20:06:20.0036 5764 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:06:20.0046 5764 Wecsvc - ok
20:06:20.0089 5764 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:06:20.0096 5764 wercplsupport - ok
20:06:20.0159 5764 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:06:20.0163 5764 WerSvc - ok
20:06:20.0204 5764 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:06:20.0206 5764 WfpLwf - ok
20:06:20.0221 5764 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:06:20.0223 5764 WIMMount - ok
20:06:20.0261 5764 WinDefend - ok
20:06:20.0275 5764 WinHttpAutoProxySvc - ok
20:06:20.0340 5764 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:06:20.0345 5764 Winmgmt - ok
20:06:20.0487 5764 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:06:20.0524 5764 WinRM - ok
20:06:20.0692 5764 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:06:20.0694 5764 WinUsb - ok
20:06:20.0784 5764 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:06:20.0803 5764 Wlansvc - ok
20:06:20.0882 5764 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:06:20.0884 5764 wlcrasvc - ok
20:06:21.0047 5764 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:06:21.0087 5764 wlidsvc - ok
20:06:21.0185 5764 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:06:21.0187 5764 WmiAcpi - ok
20:06:21.0250 5764 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:06:21.0254 5764 wmiApSrv - ok
20:06:21.0315 5764 WMPNetworkSvc - ok
20:06:21.0353 5764 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:06:21.0358 5764 WPCSvc - ok
20:06:21.0390 5764 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:06:21.0396 5764 WPDBusEnum - ok
20:06:21.0428 5764 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:06:21.0430 5764 ws2ifsl - ok
20:06:21.0459 5764 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
20:06:21.0468 5764 wscsvc - ok
20:06:21.0474 5764 WSearch - ok
20:06:21.0649 5764 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:06:21.0694 5764 wuauserv - ok
20:06:21.0819 5764 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:06:21.0824 5764 WudfPf - ok
20:06:21.0860 5764 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:06:21.0864 5764 WUDFRd - ok
20:06:21.0909 5764 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:06:21.0918 5764 wudfsvc - ok
20:06:21.0964 5764 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:06:21.0976 5764 WwanSvc - ok
20:06:22.0085 5764 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:06:23.0157 5764 \Device\Harddisk0\DR0 - ok
20:06:23.0186 5764 Boot (0x1200) (144ac2c02f311de95c68102f9a1fe83e) \Device\Harddisk0\DR0\Partition0
20:06:23.0189 5764 \Device\Harddisk0\DR0\Partition0 - ok
20:06:23.0191 5764 ============================================================
20:06:23.0191 5764 Scan finished
20:06:23.0191 5764 ============================================================
20:06:23.0217 1436 Detected object count: 0
20:06:23.0217 1436 Actual detected object count: 0
20:07:07.0340 3008 Deinitialize success
Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-26 20:31:23
-----------------------------
20:31:23.471 OS Version: Windows x64 6.1.7601 Service Pack 1
20:31:23.471 Number of processors: 4 586 0x2A07
20:31:23.473 ComputerName: VANIS-LAPTOP UserName: Vani
20:31:24.688 Initialize success
20:31:37.096 AVAST engine defs: 12062600
20:31:58.540 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:31:58.552 Disk 0 Vendor: TOSHIBA_ GS00 Size: 476940MB BusType: 3
20:31:58.574 Disk 0 MBR read successfully
20:31:58.583 Disk 0 MBR scan
20:31:58.595 Disk 0 Windows 7 default MBR code
20:31:58.611 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 2117 MB offset 2048
20:31:58.627 Disk 0 Partition - 00 0F Extended LBA 474820 MB offset 4339712
20:31:58.659 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 455816 MB offset 4341760
20:31:58.675 Disk 0 Partition - 00 05 Extended 5001 MB offset 937852928
20:31:58.729 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 5000 MB offset 937854976
20:31:58.747 Disk 0 Partition - 00 05 Extended 14001 MB offset 1881610240
20:31:58.780 Disk 0 Partition 4 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 948099072
20:31:58.832 Disk 0 scanning C:\Windows\system32\drivers
20:32:17.511 Service scanning
20:33:16.201 Modules scanning
20:33:16.258 Disk 0 trace - called modules:
20:33:16.276 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:33:16.287 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005ff0060]
20:33:16.297 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004277050]
20:33:17.656 AVAST engine scan C:\Windows
20:33:22.512 AVAST engine scan C:\Windows\system32
20:40:03.497 AVAST engine scan C:\Windows\system32\drivers
20:40:26.171 AVAST engine scan C:\Users\Vani
20:57:52.794 AVAST engine scan C:\ProgramData
21:00:23.163 Scan finished successfully
21:14:23.400 Disk 0 MBR has been saved successfully to "C:\Users\Vani\Downloads\MBR.dat"
21:14:23.424 The log file has been saved successfully to "C:\Users\Vani\Downloads\aswMBR.txt"
Zweiter Scan wurde durch einen merkwürdigen Blue Screen unterbrochen. Liebe Grüße und vielen Dank! |
|
27.06.2012, 12:38
| #4 | |
| /// Malwareteam | "Kanadische Version" des BKA-Trojaners Combofix Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
29.06.2012, 02:48
| #5 |
| | "Kanadische Version" des BKA-Trojaners Hier die nächste Logfile. Nach dem Neustarten wegen der Registrierungsschlüsselmeldung hat sich Spybot gemeldet. Code:
ATTFilter ComboFix 12-06-28.03 - Vani 29.06.2012 3:27.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4009.2323 [GMT 2:00]
ausgeführt von:: c:\users\Vani\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\Roaming
c:\users\Vani\_MG_1439.JPG~RF17e916.TMP
c:\users\Vani\_MG_2157.JPG~RF24891c.TMP
c:\users\Vani\_MG_2172.JPG~RF24c89c.TMP
c:\users\Vani\_MG_2173.JPG~RF24d7d8.TMP
c:\users\Vani\_MG_2178.JPG~RF25694d.TMP
c:\users\Vani\_MG_2180.JPG~RF2580f2.TMP
c:\users\Vani\Documents\~WRL0003.tmp
c:\windows\SysWow64\DEBUG.log
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\erdnt\cache64\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-29 ))))))))))))))))))))))))))))))
.
.
2012-06-29 01:32 . 2012-06-29 01:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 18:20 . 2012-06-28 18:20 -------- d-----w- c:\windows\de
2012-06-28 18:19 . 2012-06-28 18:19 -------- d-----w- c:\windows\en
2012-06-28 18:19 . 2012-06-28 18:19 -------- d-----w- c:\windows\fr
2012-06-28 18:19 . 2012-06-28 18:19 -------- d-----w- c:\windows\es
2012-06-28 18:19 . 2012-06-28 18:19 -------- d-----w- c:\windows\it
2012-06-28 18:19 . 2012-06-28 18:19 -------- d-----w- c:\windows\nl
2012-06-28 18:15 . 2012-06-28 18:15 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-28 18:10 . 2012-06-28 18:10 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\54d8acac1cd555902\MeshBetaRemover.exe
2012-06-28 18:10 . 2012-06-28 18:10 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\53d25c651cd555901\DSETUP.dll
2012-06-28 18:10 . 2012-06-28 18:10 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\53d25c651cd555901\DXSETUP.exe
2012-06-28 18:10 . 2012-06-28 18:10 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\53d25c651cd555901\dsetup32.dll
2012-06-23 03:27 . 2012-06-23 04:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-23 03:27 . 2012-06-23 03:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-23 03:18 . 2002-03-05 22:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-06-23 03:18 . 2003-02-02 17:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-06-23 03:18 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 03:18 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 03:18 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 03:18 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 03:18 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 03:18 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 03:18 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 03:18 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 03:18 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-23 03:06 . 2012-06-23 03:20 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-06-23 03:06 . 2012-06-23 03:06 -------- d-----w- c:\users\Vani\AppData\Roaming\Simply Super Software
2012-06-23 03:06 . 2012-06-23 03:06 -------- d-----w- c:\programdata\Simply Super Software
2012-06-13 21:08 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 21:08 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 21:08 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 21:05 . 2012-06-13 21:05 -------- d-----w- c:\users\Vani\AppData\Local\Macromedia
2012-06-07 16:50 . 2012-06-07 16:50 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 16:50 . 2012-06-07 16:50 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 21:04 . 2012-05-01 01:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 21:04 . 2011-12-29 13:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 04:54 . 2012-01-05 18:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-09 04:54 . 2012-01-05 18:20 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-04 18:25 . 2012-05-01 02:25 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 22:34 . 2012-01-03 15:48 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-01 22:33 . 2012-01-03 15:47 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-01 22:32 . 2012-01-03 15:47 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-29_01.12.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-29 01:32 . 2012-06-29 01:32 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-28 19:25 . 2012-06-28 19:25 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-29 00:44 . 2012-06-29 00:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-29 01:32 . 2012-06-29 01:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-29 00:44 . 2012-06-29 00:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-29 01:32 . 2012-06-29 01:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-06-29 01:32 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-28 19:25 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-29 13:44 . 2012-06-28 19:25 27364348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1006263169-1334866135-308599736-1000-8192.dat
+ 2011-12-29 13:44 . 2012-06-29 01:32 27364348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1006263169-1334866135-308599736-1000-8192.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Vani\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Vani\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Vani\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Installation Diagnostics"="c:\program files (x86)\Brother\Brmfl06d\Brinstck.exe" [2006-11-04 126976]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"Facebook Update"="c:\users\Vani\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-18 137536]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-30 48752]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
"DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2010-10-13 97560]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 630784]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2006-11-07 65536]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-06-23 1240848]
.
c:\users\Vani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Vani\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Facebook Messenger.lnk - c:\users\Vani\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe [2012-6-20 209920]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\LaunchCenter.exe [2011-4-12 375296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 21104]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 983104]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-10-07 331776]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2010-06-17 63336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-10-20 274432]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys [2006-11-01 7296]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-07 245792]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1006263169-1334866135-308599736-1000Core.job
- c:\users\Vani\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 20:48]
.
2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1006263169-1334866135-308599736-1000UA.job
- c:\users\Vani\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 20:48]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 01:34]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 01:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Vani\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Vani\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Vani\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Vani\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2010-06-08 45680]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2010-11-13 199528]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-10-07 6311424]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2010-07-16 162416]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2010-07-09 21616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110819&tt=100512_4_&babsrc=HP_ss&mntrId=9c42c511000000000000bc7737227eab
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Vani\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Vani\AppData\Roaming\Mozilla\Firefox\Profiles\vh618u4w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&tt=100512_4_&babsrc=KW_ss&mntrId=9c42c511000000000000bc7737227eab&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=100512_4_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 9c42c511000000000000bc7737227eab
FF - user.js: extensions.BabylonToolbar_i.hardId - 9c42c511000000000000bc7737227eab
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:34
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-29 03:38:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-29 01:38
.
Vor Suchlauf: 12 Verzeichnis(se), 411.461.505.024 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 411.167.801.344 Bytes frei
.
- - End Of File - - 7BAC94298335C24CCBE3D5ED88928CCB
|
|
29.06.2012, 08:05
| #6 |
| /// Malwareteam | "Kanadische Version" des BKA-Trojaners Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt. Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind): Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten. Bebilderte Anleitung. Scan mit adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> "Kanadische Version" des BKA-Trojaners |
|
30.06.2012, 04:29
| #7 |
| | "Kanadische Version" des BKA-Trojaners Ergebnis: Code:
ATTFilter # AdwCleaner v1.700 - Logfile created 06/30/2012 at 05:27:08
# Updated 26/06/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Vani - VANIS-LAPTOP
# Running from : C:\Users\Vani\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
***** [Registry] *****
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110819&tt=100512_4_&babsrc=HP_ss&mntrId=9c42c511000000000000bc7737227eab
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\Vani\AppData\Roaming\Mozilla\Firefox\Profiles\vh618u4w.default\prefs.js
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=100512_4_");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "9c42c511000000000000bc7737227eab");
Found : user_pref("extensions.BabylonToolbar_i.id", "9c42c511000000000000bc7737227eab");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15476");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=10051[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:34:32");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110819&tt=100512_4_&babsrc=KW_ss&mntrId=9[...]
*************************
AdwCleaner[R1].txt - [3473 octets] - [30/06/2012 05:27:08]
########## EOF - C:\AdwCleaner[R1].txt - [3601 octets] ##########
|
|
03.07.2012, 09:01
| #8 |
| /// Malwareteam | "Kanadische Version" des BKA-Trojaners Das sind zum Glück nur Reste davon! Machen wir sie platt... Schritt 1: Fix mit adwCleaner
Schritt 2: Neues OTL-Log Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
05.07.2012, 03:34
| #9 |
| | "Kanadische Version" des BKA-Trojaners Schritt 1 Auswertung: Code:
ATTFilter # AdwCleaner v1.700 - Logfile created 07/05/2012 at 03:49:51
# Updated 26/06/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Vani - VANIS-LAPTOP
# Running from : C:\Users\Vani\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110819&tt=100512_4_&babsrc=HP_ss&mntrId=9c42c511000000000000bc7737227eab --> hxxp://www.google.com
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\Vani\AppData\Roaming\Mozilla\Firefox\Profiles\vh618u4w.default\prefs.js
C:\Users\Vani\AppData\Roaming\Mozilla\Firefox\Profiles\vh618u4w.default\user.js ... Deleted !
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=100512_4_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "9c42c511000000000000bc7737227eab");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "9c42c511000000000000bc7737227eab");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15476");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=10051[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:34:32");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110819&tt=100512_4_&babsrc=KW_ss&mntrId=9[...]
*************************
AdwCleaner[R1].txt - [3592 octets] - [30/06/2012 05:27:08]
AdwCleaner[R2].txt - [3573 octets] - [30/06/2012 05:41:53]
AdwCleaner[S1].txt - [3311 octets] - [05/07/2012 03:49:51]
########## EOF - C:\AdwCleaner[S1].txt - [3439 octets] ##########
1. Code:
ATTFilter OTL logfile created on: 7/5/2012 3:56:53 AM - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Vani\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.91 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 49.33% Memory free 7.83 Gb Paging File | 5.63 Gb Available in Paging File | 71.90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 445.13 Gb Total Space | 391.93 Gb Free Space | 88.05% Space Free | Partition Type: NTFS Drive E: | 973.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: VANIS-LAPTOP | User Name: Vani | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Vani\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Vani\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe (Facebook) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Vani\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation) PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) PRC - C:\Windows\vsnp2uvc.exe (Sonix) PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\569ae0e6ae16143c894d71502549da74\DeskUpdateNotifier.ni.exe () MOD - C:\Users\Vani\AppData\Local\Facebook\Messenger\2.1.4554.0\CefSharp.dll () MOD - C:\Users\Vani\AppData\Local\Facebook\Messenger\2.1.4554.0\CefSharp.WinForms.dll () MOD - C:\Users\Vani\AppData\Local\Facebook\Messenger\2.1.4554.0\libcef.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\e3d2577e00aef6bc9b3e235eb83634f3\Microsoft.JScript.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\9ab326b1ab7ea0327be0f063a352f29c\log4net.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll () MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (PFNService) -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe (FUJITSU LIMITED) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (PowerSavingUtilityService) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation) DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation) DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (FBIOSDRV) -- C:\Windows\SysNative\drivers\FBIOSDRV.sys (FUJITSU LIMITED) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED) DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D798D56C-CA3C-46E5-8237-2F2664E0A6A3} IE:64bit: - HKLM\..\SearchScopes\{D798D56C-CA3C-46E5-8237-2F2664E0A6A3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {D798D56C-CA3C-46E5-8237-2F2664E0A6A3} IE - HKLM\..\SearchScopes\{D798D56C-CA3C-46E5-8237-2F2664E0A6A3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Vani\AppData\Local\Facebook\Messenger\2.1.4554.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 21:20:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 21:05:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 21:20:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 21:05:05 | 000,000,000 | ---D | M] [2011/12/29 14:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vani\AppData\Roaming\mozilla\Extensions [2012/07/05 03:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vani\AppData\Roaming\mozilla\Firefox\Profiles\vh618u4w.default\extensions [2012/01/27 20:00:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Vani\AppData\Roaming\mozilla\Firefox\Profiles\vh618u4w.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/02/17 23:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/02/29 03:55:02 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\VANI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VH618U4W.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI [2012/06/16 21:20:21 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/07 18:50:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/06/07 18:50:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/07 18:50:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/06/07 18:50:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/07 18:50:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/07 18:50:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012/06/29 03:12:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [Facebook Update] C:\Users\Vani\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Installation Diagnostics] C:\Program Files (x86)\Brother\Brmfl06d\Brinstck.exe (Brother Industries, Ltd.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Users\Vani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Vani\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Vani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Vani\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe (Facebook) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vani\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vani\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67CD0FEF-168C-44B4-836C-97DBD995DF2F}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/01/12 07:31:08 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ] O32 - AutoRun File - [2008/01/12 07:40:28 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008/01/11 17:17:04 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ] O32 - AutoRun File - [2008/01/12 07:40:09 | 000,000,150 | R--- | M] () - E:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/30 05:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/06/30 05:41:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/06/30 05:25:01 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/06/29 04:21:39 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{E3FDFA34-1C66-43DC-903C-DB1289DA82A2} [2012/06/29 04:20:21 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{FE31537A-A5DC-4D8A-ABC7-4F05C2AF32A5} [2012/06/29 02:59:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/06/29 02:59:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/06/29 02:59:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/06/29 02:56:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/29 02:56:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/06/28 20:20:49 | 000,000,000 | ---D | C] -- C:\Windows\de [2012/06/28 20:19:37 | 000,000,000 | ---D | C] -- C:\Windows\en [2012/06/28 20:19:31 | 000,000,000 | ---D | C] -- C:\Windows\fr [2012/06/28 20:19:27 | 000,000,000 | ---D | C] -- C:\Windows\es [2012/06/28 20:19:22 | 000,000,000 | ---D | C] -- C:\Windows\it [2012/06/28 20:19:16 | 000,000,000 | ---D | C] -- C:\Windows\nl [2012/06/28 20:16:43 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{A81D51A2-71B4-434A-B8BD-FAA873F97F21} [2012/06/28 20:16:13 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{CEC8B55F-C920-4EF9-B9E3-667991EE95D6} [2012/06/28 20:12:37 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{7D1B5A12-E843-49F4-AC2E-6E391882B899} [2012/06/28 20:12:32 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{2CBB340F-569F-4B6A-895A-AD0094F55180} [2012/06/28 20:11:08 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{29B91CA6-8419-4EB3-AA95-08463F10FA03} [2012/06/28 20:11:01 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{C8037A94-0A02-4BB6-99BE-FE98A6AB8C33} [2012/06/28 20:10:03 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{FD3A55F1-DC83-481E-AA06-F630843C0B86} [2012/06/28 20:09:33 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{0C04C998-C79B-4D75-B13C-8A97868E6E12} [2012/06/28 20:08:11 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{35F32BD6-8315-4EAC-A5A9-6680965A4B4D} [2012/06/28 20:07:04 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{FFFEA4E1-AC91-4441-B16D-E71692326D7F} [2012/06/28 20:06:30 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{33E5578B-F737-4927-B7DC-6C7F74FF7BEE} [2012/06/28 19:13:23 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{3739B807-F50F-42FC-A9E3-FBE15214019A} [2012/06/28 19:10:36 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{01EFE46B-E359-4121-BB53-DADF5592CE8E} [2012/06/26 20:26:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/06/23 20:02:30 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012/06/23 20:02:26 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012/06/23 05:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/06/23 05:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/06/23 05:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/06/23 05:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012/06/23 05:18:41 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012/06/23 05:18:41 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012/06/23 05:18:40 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012/06/23 05:18:20 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012/06/23 05:18:20 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012/06/23 05:18:20 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012/06/23 05:18:08 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012/06/23 05:18:08 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012/06/23 05:06:44 | 000,000,000 | ---D | C] -- C:\Users\Vani\Documents\Simply Super Software [2012/06/23 05:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2012/06/23 05:06:33 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Roaming\Simply Super Software [2012/06/23 05:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012/06/14 03:01:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/06/14 03:01:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/06/14 03:01:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/06/14 03:01:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/06/14 03:01:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/06/14 03:01:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/06/14 03:01:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/06/14 03:01:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/06/14 03:01:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/06/14 03:01:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/06/14 03:01:08 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/06/14 03:01:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/06/14 03:01:07 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/06/13 23:08:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012/06/13 23:08:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012/06/13 23:08:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012/06/13 23:07:40 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/06/13 23:07:39 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/06/13 23:07:39 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/06/13 23:07:34 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012/06/13 23:07:28 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/06/13 23:07:27 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012/06/13 23:05:36 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\Macromedia [2012/06/12 04:08:52 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{20DF3378-F27C-408D-8E4F-C31674B960D2} [2012/06/11 22:12:30 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{FAC0DC63-7D73-4392-85CB-BD3A47A43A53} [2012/06/11 22:07:10 | 000,000,000 | ---D | C] -- C:\Users\Vani\AppData\Local\{7EFF47F9-09CB-497E-B0D9-905A5EE9D2DB} ========== Files - Modified Within 30 Days ========== [2012/07/05 03:59:00 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/05 03:59:00 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/05 03:51:21 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/05 03:51:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/05 03:50:53 | 3152,506,880 | -HS- | M] () -- C:\hiberfil.sys [2012/07/05 03:45:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/30 08:06:45 | 000,001,288 | ---- | M] () -- C:\Users\Vani\Documents\kalkus.rtf [2012/06/30 07:53:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1006263169-1334866135-308599736-1000UA.job [2012/06/30 07:25:45 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012/06/29 03:12:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/06/27 22:53:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1006263169-1334866135-308599736-1000Core.job [2012/06/27 04:40:33 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/27 04:40:33 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/06/27 04:40:33 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/27 04:40:33 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/06/27 04:40:33 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/26 20:26:51 | 556,437,004 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/06/26 19:16:41 | 000,000,162 | -H-- | M] () -- C:\Users\Vani\Documents\~$kalkus.rtf [2012/06/23 20:02:30 | 000,001,343 | ---- | M] () -- C:\Users\Vani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012/06/23 05:36:25 | 000,000,000 | ---- | M] () -- C:\Users\Vani\defogger_reenable [2012/06/23 04:53:11 | 004,503,728 | ---- | M] () -- C:\ProgramData\loc_pyt_0_kroj.pad [2012/06/23 04:21:02 | 000,000,035 | ---- | M] () -- C:\Users\Vani\AppData\Roaming\mbam.context.scan [2012/06/14 02:45:45 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/13 23:04:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/06/13 23:04:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/06/11 05:11:08 | 000,000,662 | ---- | M] () -- C:\Users\Vani\Documents\rezept.rtf ========== Files Created - No Company Name ========== [2012/06/29 02:59:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/06/29 02:59:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/06/29 02:59:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/06/29 02:59:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/06/29 02:59:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/06/26 20:26:51 | 556,437,004 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/06/26 19:16:41 | 000,000,162 | -H-- | C] () -- C:\Users\Vani\Documents\~$kalkus.rtf [2012/06/23 05:36:25 | 000,000,000 | ---- | C] () -- C:\Users\Vani\defogger_reenable [2012/06/23 05:18:47 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2012/06/23 05:18:46 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2012/06/23 04:21:02 | 000,000,035 | ---- | C] () -- C:\Users\Vani\AppData\Roaming\mbam.context.scan [2012/06/22 23:01:57 | 004,503,728 | ---- | C] () -- C:\ProgramData\loc_pyt_0_kroj.pad [2012/06/16 20:38:23 | 000,001,288 | ---- | C] () -- C:\Users\Vani\Documents\kalkus.rtf [2012/06/11 05:11:08 | 000,000,662 | ---- | C] () -- C:\Users\Vani\Documents\rezept.rtf [2011/12/31 14:31:11 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011/12/31 14:31:11 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011/12/31 14:31:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd9840cd.dat [2011/12/31 14:30:02 | 000,000,235 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011/12/31 14:30:02 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011/12/31 14:27:15 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2011/12/31 14:27:15 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011/12/31 14:27:14 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2011/12/31 14:27:13 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2011/12/31 14:27:12 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2011/12/29 21:41:05 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2011/12/29 21:41:05 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2011/12/29 21:41:05 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2011/05/07 19:16:59 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/02 02:21:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/05/02 02:21:15 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/05/02 02:21:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011/05/02 02:21:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/05/02 02:21:06 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2010/11/25 06:43:32 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL < End of report > Code:
ATTFilter OTL Extras logfile created on: 7/5/2012 3:56:53 AM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Vani\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.91 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 49.33% Memory free
7.83 Gb Paging File | 5.63 Gb Available in Paging File | 71.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.13 Gb Total Space | 391.93 Gb Free Space | 88.05% Space Free | Partition Type: NTFS
Drive E: | 973.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: VANIS-LAPTOP | User Name: Vani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011AA0F9-C8DF-4EEC-8752-6152DAA5DE70}" = rport=139 | protocol=6 | dir=out | app=system |
"{0194E714-8467-47AB-AD78-63284C73D3D6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{06E89086-29C2-4D18-AC5D-25C083906403}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0B1E56E4-04D3-4B4F-A0E2-8D7E5AF64C4C}" = rport=138 | protocol=17 | dir=out | app=system |
"{15E9B7CB-58D4-445A-9905-99A40C208E6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1BD62B67-4683-4F77-A206-1A5B26E245AC}" = lport=138 | protocol=17 | dir=in | app=system |
"{39697303-8E2E-442C-8712-8113EC945DB9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4F8A033F-60DD-4DCB-A346-61B229B128FA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50268596-08D6-4C38-92F1-4B8B76B808C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{540BCB69-DB41-4355-8D50-7B4495123C54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C1CC59F-45A5-4555-94DD-3422C0C778D7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6E657BCC-895D-4AE5-AB4E-FAB5FF3FA743}" = rport=445 | protocol=6 | dir=out | app=system |
"{703589E4-9490-4B2D-8077-89E7275187BE}" = lport=445 | protocol=6 | dir=in | app=system |
"{86015F23-BC63-4C00-BA63-37E2F98FE3FB}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B23AC65-DA99-4C92-91D9-F286FCFC2912}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E7D4F6B-CED0-45F7-91D4-06FF44D11073}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A55C06A5-0F15-46AA-961D-4620D73AED5C}" = rport=137 | protocol=17 | dir=out | app=system |
"{ADB7C8C4-576A-4B09-98DA-20BAE2C828F5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BA8B99F0-FB49-4EE7-8BB8-281033402BC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0F997C5-80CA-4E84-9009-9A5B60E9485F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCDB8269-FE87-4D73-9258-C279B5F09F03}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E6B7CBEF-E147-4DE3-B8A0-47E9E3D64083}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F6B8D16B-5656-4523-89DE-28EA33293F6F}" = lport=139 | protocol=6 | dir=in | app=system |
"{FBDED237-6D99-4815-8CB2-0431B0CEB954}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05582193-EA06-4F73-939E-EC4860ACFE38}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0834088C-B95F-418E-906F-F56A48215BA9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C98B7B2-0A49-4B42-A720-DD864D7186A7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C2E52F3-7895-49AD-8A22-D2E3E1802A28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{377E4487-F224-4FF9-8047-B16BCD7B0BAD}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{5089E91B-E800-46BB-9132-A89A5240B3A3}" = protocol=6 | dir=in | app=c:\users\vani\appdata\roaming\dropbox\bin\dropbox.exe |
"{52F041E3-03D3-494D-AF24-DA70A923BF1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{58079FC9-9EDE-4176-A2E9-8D1877EDDB70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FAB87F0-787F-4277-84FC-A30BFA51848A}" = protocol=6 | dir=out | app=system |
"{6399AC6D-74BB-4BD3-8E56-0937267B18C5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6D45461D-AFFD-46A8-88A6-3C36D3D90429}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73FF8CAB-6DE7-48E2-B2DB-9D70C6BFA60A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{87A2AFA2-A4FD-4CC6-BAD2-F06BB24DBFC8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{88599510-3ABA-46CB-A734-C3A0624C8396}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9EC6C9B1-4D86-43E9-866E-D59C65AB3D2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A1B48F7D-C395-4443-A8DB-5372FB2EC312}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A398BEE3-2BBD-4C02-9E53-60E547098775}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4B46166-F0EB-48A3-A3AF-530189E958A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD65A983-D11C-4AC7-8C06-1E32DCA1D09F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B803339E-817A-4754-9B61-F55DB12F6D88}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C51B55B9-93BE-4776-A257-D982FCF0BA5B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D49B4309-69B6-4C60-987C-5F14CD624EFE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6033302-C83F-4F6F-ACBD-C091A38705CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DD718ADE-63C3-4557-8F75-FB85C277FF81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E86B9B40-FB4C-44C5-B9A7-7C5B7F7839CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8C6A8A1-2DC1-4700-A05D-4C1FF6B92621}" = protocol=17 | dir=in | app=c:\users\vani\appdata\roaming\dropbox\bin\dropbox.exe |
"{F0FC29DE-2D62-4337-96C8-A95592CD8173}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FFC1DF4A-563C-44EE-BC5C-B89DAE4035E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{29C25CB6-7E1F-4286-927A-E76CFB3FA160}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{A63F9FBD-B029-4936-A64F-C75495A5DF64}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{C5458681-15EA-4C1A-94B6-E74A2999E1CA}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe |
"TCP Query User{F06B93A3-3DDF-4BB3-823E-9C4F3EF4D7E1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{0592F5FA-8957-4094-82BB-FDFAEBA2AD79}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{3FA7B7FD-86A1-4017-81BB-C09C9CDA4154}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{7BFD42F9-4B35-4812-A7B0-B3782F745202}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{7D185F58-6ABE-49C3-BEFF-F73BF25E11F4}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A5FADEAC-B0A9-4C27-A8B5-05381A339F4E}" = Plugfree NETWORK
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8AF728F-2EE8-4322-96B3-656CAD1F7805}" = Facebook Messenger 2.1.4554.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1E035A6-F03E-426F-82F0-BAC56FF873DC}" = AIS Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIS Connect" = AIS Connect
"Avira AntiVir Desktop" = Avira Free Antivirus
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"DeskUpdate_is1" = DeskUpdate 4.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Scriptorium_for_TS2_is1" = Scriptorium for TS2
"SimPE_is1" = SimPE 0.68 (alpha)
"Sims2Pack Clean Installer" = Sims2Pack Clean Installer
"Trojan Remover_is1" = Trojan Remover 6.8.4
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/30/2012 1:25:27 AM | Computer Name = Vanis-Laptop | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1274 Startzeit:
01cd56805eebdf7b Endzeit: 43642 Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE
Berichts-ID:
cf1eb458-c273-11e1-b231-bc7737227eae
Error - 6/30/2012 11:24:11 AM | Computer Name = Vanis-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 6/30/2012 11:27:56 AM | Computer Name = Vanis-Laptop | Source = CVHSVC | ID = 100
Description = Nur zur Information. Too many failures while downloading ranges: 2
Error - 6/30/2012 11:31:11 AM | Computer Name = Vanis-Laptop | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed
Error - 7/4/2012 9:19:06 PM | Computer Name = Vanis-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 7/4/2012 9:26:05 PM | Computer Name = Vanis-Laptop | Source = CVHSVC | ID = 100
Description = Nur zur Information. Too many failures while downloading ranges: 2
Error - 7/4/2012 9:27:01 PM | Computer Name = Vanis-Laptop | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed
Error - 7/4/2012 9:51:23 PM | Computer Name = Vanis-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 7/4/2012 9:56:22 PM | Computer Name = Vanis-Laptop | Source = CVHSVC | ID = 100
Description = Nur zur Information. Too many failures while downloading ranges: 2
Error - 7/4/2012 9:56:53 PM | Computer Name = Vanis-Laptop | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed
[ Media Center Events ]
Error - 2/3/2012 5:27:34 PM | Computer Name = Vanis-Laptop | Source = MCUpdate | ID = 0
Description = 22:27:34 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 2/29/2012 5:15:15 PM | Computer Name = Vanis-Laptop | Source = MCUpdate | ID = 0
Description = 22:15:15 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 2/29/2012 5:15:17 PM | Computer Name = Vanis-Laptop | Source = MCUpdate | ID = 0
Description = 22:15:16 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 2/29/2012 5:15:21 PM | Computer Name = Vanis-Laptop | Source = MCUpdate | ID = 0
Description = 22:15:17 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 3/3/2012 2:19:05 PM | Computer Name = Vanis-Laptop | Source = MCUpdate | ID = 0
Description = 19:19:05 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 3/3/2012 3:20:11 PM | Computer Name = Vanis-Laptop | Source = MCUpdate | ID = 0
Description = 20:20:09 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 4/1/2012 5:31:36 PM | Computer Name = Vanis-Laptop | Source = MCUpdate | ID = 0
Description = 23:31:36 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 4/1/2012 5:31:37 PM | Computer Name = Vanis-Laptop | Source = MCUpdate | ID = 0
Description = 23:31:37 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 4/1/2012 5:31:38 PM | Computer Name = Vanis-Laptop | Source = MCUpdate | ID = 0
Description = 23:31:38 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 4/1/2012 5:31:43 PM | Computer Name = Vanis-Laptop | Source = MCUpdate | ID = 0
Description = 23:31:39 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
[ System Events ]
Error - 4/11/2012 11:38:57 PM | Computer Name = Vanis-Laptop | Source = DCOM | ID = 10010
Description =
Error - 4/11/2012 11:38:59 PM | Computer Name = Vanis-Laptop | Source = DCOM | ID = 10010
Description =
Error - 4/11/2012 11:40:00 PM | Computer Name = Vanis-Laptop | Source = DCOM | ID = 10010
Description =
Error - 4/12/2012 11:31:24 AM | Computer Name = Vanis-Laptop | Source = DCOM | ID = 10010
Description =
Error - 4/17/2012 3:45:16 PM | Computer Name = Vanis-Laptop | Source = DCOM | ID = 10010
Description =
Error - 4/18/2012 12:47:24 PM | Computer Name = Vanis-Laptop | Source = DCOM | ID = 10010
Description =
Error - 4/19/2012 12:29:41 PM | Computer Name = Vanis-Laptop | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
Error - 4/19/2012 12:30:07 PM | Computer Name = Vanis-Laptop | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
Error - 4/19/2012 12:30:57 PM | Computer Name = Vanis-Laptop | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
Error - 4/19/2012 10:43:48 PM | Computer Name = Vanis-Laptop | Source = DCOM | ID = 10010
Description =
< End of report >
|
|
05.07.2012, 06:11
| #10 |
| /// Malwareteam | "Kanadische Version" des BKA-Trojaners Sieht ganz gut aus - kontrollieren wir alles nochmal! Schritt 1: MBAM vollständig Downloade Dir bitte Malwarebytes
Schritt 2: ESET ESET Online Scanner
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
10.07.2012, 08:08
| #11 |
| /// Malwareteam | "Kanadische Version" des BKA-Trojaners Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
05.08.2012, 22:04
| #12 |
| /// Malwareteam | "Kanadische Version" des BKA-Trojaners Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
| Themen zu "Kanadische Version" des BKA-Trojaners |
| .dll, administrator, avira, bildschirm, chip.de, dateisystem, desktop, explorer, fehlermeldung, google, herunterfahren, heuristiks/extra, heuristiks/shuriken, kaputt, log, löschen, malwarebytes, microsoft, neustart, neustarten, nt.dll, ordner, programm, recycle.bin, registry, scan, shutdown, software, system, taskmanager, verweise, virus |
Linear-Darstellung
