Pests of all kinds and how to fight them: Phishing Postbank, McAfee reports unsafe site C:\users\...\appdata\roamin\azimcoz\cucilei.exe
Windows 7
28.07.2012, 18:00 | #16 |
Hello Arne,

OTL logfile:

Code:
ATTFilter OTL logfile created on: 28.07.2012 18:30:07 - Run 2 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ina\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,16% Memory free 8,22 Gb Paging File | 6,32 Gb Available in Paging File | 76,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 454,40 Gb Total Space | 162,32 Gb Free Space | 35,72% Space Free | Partition Type: NTFS Drive D: | 457,11 Gb Total Space | 356,18 Gb Free Space | 77,92% Space Free | Partition Type: NTFS Computer Name: PC-1 | User Name: Ina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.28 18:21:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ina\Desktop\OTL.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.09.16 10:48:54 | 001,623,920 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. 
KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.05.24 22:48:46 | 000,569,344 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe PRC - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2010.05.14 15:36:41 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.07.29 18:52:56 | 000,454,704 | ---- | M] (Egis inc.) 
-- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe PRC - [2008.07.23 18:52:06 | 000,206,112 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe PRC - [2008.07.01 10:38:18 | 000,270,422 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe PRC - [2007.06.18 15:10:32 | 000,271,360 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe ========== Modules (No Company Name) ========== MOD - [2012.06.24 16:05:12 | 013,197,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll MOD - [2012.06.24 16:05:02 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll MOD - [2012.05.13 20:56:33 | 000,194,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\f11d5fea7ded12068e8cdb8b2f1bdbd9\CustomMarshalers.ni.dll MOD - [2012.05.13 00:28:28 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll MOD - [2012.05.13 00:28:22 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll MOD - [2012.05.13 00:28:17 | 009,090,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll MOD - [2012.05.13 00:28:10 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 
MOD - [2008.07.23 18:52:10 | 000,012,576 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\saHook.dll MOD - [2008.04.28 10:49:20 | 000,003,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008.11.12 16:20:40 | 000,932,864 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2012.07.13 18:26:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.24 16:17:45 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.08.19 15:27:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | 
Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.07.23 18:52:06 | 000,206,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2008.07.01 10:38:18 | 000,270,422 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010.02.26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys -- (UsbserFilt) DRV:64bit: - [2010.02.26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2010.02.26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:64bit: - [2010.02.26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64) DRV:64bit: - [2009.07.15 09:08:24 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2009.04.11 07:39:37 | 000,032,768 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2008.11.12 17:42:22 | 004,999,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.08.05 06:29:26 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2008.07.29 18:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk) DRV:64bit: - [2008.07.29 18:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ) DRV:64bit: - [2008.07.29 18:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter) DRV:64bit: - [2008.01.31 02:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2008.01.31 02:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2008.01.21 04:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2008.01.09 13:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri) DRV:64bit: - [2007.12.10 15:22:10 | 000,144,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017unic.sys -- (s3017unic) DRV:64bit: - [2007.12.10 15:22:06 | 000,125,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017obex.sys -- (s3017obex) DRV:64bit: - [2007.12.10 15:22:04 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017nd5.sys -- (s3017nd5) DRV:64bit: - [2007.12.10 15:22:02 | 000,130,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017mgmt.sys -- (s3017mgmt) DRV:64bit: - [2007.12.10 15:22:00 | 000,146,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017mdm.sys -- (s3017mdm) DRV:64bit: - [2007.12.10 15:22:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017mdfl.sys -- (s3017mdfl) DRV:64bit: - [2007.12.10 15:21:56 | 000,109,096 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017bus.sys -- (s3017bus) DRV:64bit: - [2007.07.03 17:04:44 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm) DRV:64bit: - 
[2007.07.03 17:04:16 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2007.07.03 17:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) DRV - [2010.05.14 15:37:29 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2008.08.19 15:23:00 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\URLSearchHook: 
{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700 IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 48 24 5B EB 36 CB 01 [binary data] IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - 
HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\SearchScopes\{0E6E26B1-5512-486A-A135-2FB865F75464}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\SearchScopes\{5470BADD-D016-4359-9F90-945785E08734}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GPEA_de IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\SearchScopes\{BFF14EFD-1230-4C0E-8F83-1E83D9468FC6}: "URL" = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms} IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\SearchScopes\{E9262124-ADA0-4437-982D-B05FC0F59A18}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\SearchScopes\{F9EB9A7C-EA78-48A3-8E75-D62275DB6F65}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "GMX Suche" FF - prefs.js..browser.search.order.1: "GMX Suche" FF - prefs.js..browser.search.order.2: "WEB.DE Suche" FF - prefs.js..browser.search.order.3: "1und1 Suche" FF - prefs.js..browser.search.order.4: "amazon.de" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:3.10.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Ina\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010.03.03 02:08:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.23 21:21:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.23 21:21:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.23 21:21:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.23 21:21:45 | 000,000,000 | ---D | M] [2009.06.02 21:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ina\AppData\Roaming\mozilla\Extensions [2012.07.20 15:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions [2012.03.11 19:58:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.14 22:04:14 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.03.11 19:58:42 | 000,000,000 | ---D | M] (Softonic Deutsch Community Toolbar) -- C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010.08.04 00:05:27 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.11 19:58:43 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010.01.30 22:36:18 | 000,005,591 | ---- | M] () -- C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\1und1-suche.xml [2010.01.30 22:36:16 | 000,001,371 | ---- | M] () -- C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\amazonde.xml [2010.03.03 22:22:46 | 000,002,077 | ---- | M] () -- C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\com-artikelsuche.xml [2010.01.30 22:36:17 | 000,010,605 | ---- | M] () -- C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\gmx-suche.xml [2010.01.30 22:36:18 | 000,005,588 | ---- | M] () -- C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\webde-suche.xml [2012.06.17 18:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.01.30 18:15:58 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Program Files (x86)\mozilla firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010.01.30 18:15:58 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Program Files (x86)\mozilla firefox\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829} [2012.06.17 18:25:25 | 000,000,000 | ---D | M] (Java 
Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.06.24 16:17:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2012.06.24 16:17:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.24 16:17:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.24 16:17:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml [2012.06.24 16:17:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.24 16:17:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.24 16:17:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll () O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll () O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll () O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
O3:64bit: - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3:64bit: - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe () O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated) O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: 
[LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-198065357-2291745013-3740999017-1000..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKU\S-1-5-21-198065357-2291745013-3740999017-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-198065357-2291745013-3740999017-1000..\Run: [HydraVisionMDEngine] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD)
O4 - HKU\S-1-5-21-198065357-2291745013-3740999017-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Ina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\MicrosoftOffice\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\MicrosoftOffice\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\MicrosoftOffice\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..Trusted Domains: ([]msn in Computer)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37973EC7-0924-43DF-9D1C-B01596EF9382}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01482a7e-0439-11e0-a73c-00251110ea22}\Shell - "" = AutoRun
O33 - MountPoints2\{01482a7e-0439-11e0-a73c-00251110ea22}\Shell\AutoRun\command - "" = H:\DPFMate.exe
O33 - MountPoints2\{ad30ce25-b6fc-11de-872f-00251110ea22}\Shell\AutoRun\command - "" = G:\USBSuite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~2\ACERAR~1\ACERDV~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.07.23 21:25:16 | 000,208,896 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\Windows\SysWow64\FFRafShellEx.dll
[2012.07.23 21:25:06 | 000,233,472 | ---- | C] (FUJIFILM Corporation) -- C:\Windows\SysWow64\RFCLauncher.exe
[2012.07.23 21:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAF
[2012.07.23 21:24:50 | 000,000,000 | ---D | C] -- C:\Users\Ina\AppData\Roaming\InstallShield
[2012.07.23 21:24:50 | 000,000,000 | ---D | C] -- C:\Users\Ina\AppData\Local\FUJIFILM
[2012.07.23 21:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUJIFILM
[2012.07.23 21:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\FUJIFILM
[2012.07.23 21:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FUJIFILM
[2012.07.23 21:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.07.23 21:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.07.23 21:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.07.23 21:19:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.20 19:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webocton - Scriptly
[2012.07.20 19:58:11 | 000,000,000 | ---D | C] -- C:\Users\Ina\AppData\Roaming\Webocton - Scriptly
[2012.07.20 19:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webocton - Scriptly
[2012.07.19 15:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.08 19:19:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ina\Desktop\esetsmartinstaller_enu.exe
[2012.07.02 18:49:58 | 000,000,000 | ---D | C] -- C:\Users\Ina\AppData\Roaming\Malwarebytes
[2012.07.02 18:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.02 18:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.02 18:49:33 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 18:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.02 18:06:47 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Ina\Desktop\OTL.exe
[2012.06.30 02:19:35 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[1 C:\Users\Ina\Desktop\*.tmp files -> C:\Users\Ina\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.28 18:25:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.28 18:21:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ina\Desktop\OTL.exe
[2012.07.28 18:21:40 | 001,662,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.28 18:21:40 | 000,709,716 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.28 18:21:40 | 000,663,838 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.28 18:21:40 | 000,161,044 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.28 18:21:40 | 000,131,634 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.28 18:17:13 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.28 18:15:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012.07.28 18:15:03 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 18:15:03 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 18:14:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 16:58:29 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.25 16:11:34 | 000,002,655 | ---- | M] () -- C:\Users\Ina\Desktop\Microsoft Office Word 2007.lnk
[2012.07.23 21:23:53 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\MyFinePix Studio.lnk
[2012.07.23 21:21:18 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.07.23 21:15:09 | 001,774,724 | ---- | M] () -- C:\Users\Ina\Desktop\fuji-bedienanleitung.pdf
[2012.07.20 19:58:27 | 000,001,804 | ---- | M] () -- C:\Users\Ina\Desktop\Webocton - Scriptly.lnk
[2012.07.20 00:16:26 | 000,624,883 | ---- | M] () -- C:\Users\Ina\Desktop\adwcleaner.exe
[2012.07.19 15:42:10 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Ina\Desktop\esetsmartinstaller_enu.exe
[2012.07.16 15:31:35 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.16 11:58:27 | 000,423,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 18:04:29 | 000,000,000 | ---- | M] () -- C:\Users\Ina\defogger_reenable
[2012.07.02 17:58:34 | 000,050,477 | ---- | M] () -- C:\Users\Ina\Desktop\Defogger.exe
[1 C:\Users\Ina\Desktop\*.tmp files -> C:\Users\Ina\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.23 21:23:53 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\MyFinePix Studio.lnk
[2012.07.23 21:21:18 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.07.23 21:15:09 | 001,774,724 | ---- | C] () -- C:\Users\Ina\Desktop\fuji-bedienanleitung.pdf
[2012.07.20 19:58:27 | 000,001,804 | ---- | C] () -- C:\Users\Ina\Desktop\Webocton - Scriptly.lnk
[2012.07.20 00:15:41 | 000,624,883 | ---- | C] () -- C:\Users\Ina\Desktop\adwcleaner.exe
[2012.07.02 18:49:45 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.02 18:04:29 | 000,000,000 | ---- | C] () -- C:\Users\Ina\defogger_reenable
[2012.07.02 17:58:33 | 000,050,477 | ---- | C] () -- C:\Users\Ina\Desktop\Defogger.exe
[2012.04.17 15:58:12 | 000,138,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2012.04.17 15:58:10 | 000,074,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2012.04.17 15:58:08 | 000,309,616 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2012.02.27 10:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.06.08 18:45:07 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2011.03.29 18:26:37 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.03.29 18:26:36 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.03.29 18:26:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.03.29 18:26:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.03.29 18:26:36 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.03.29 18:26:36 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.03.29 18:26:36 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.03.29 18:26:36 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.03.29 18:26:36 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.03.29 18:26:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.03.29 18:26:36 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.03.29 18:26:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.03.29 18:26:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.03.29 18:26:36 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.03.29 18:26:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.03.29 18:26:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.03.29 18:26:36 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.03.29 18:26:36 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.03.29 18:26:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010.12.28 13:33:18 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2010.08.03 21:26:02 | 000,000,000 | ---- | C] () -- C:\Users\Ina\AppData\Roaming\wklnhst.dat
[2010.06.21 14:20:11 | 000,002,798 | ---- | C] () -- C:\Users\Ina\.recently-used.xbel
[2010.02.16 18:56:24 | 000,031,049 | ---- | C] () -- C:\Users\Ina\AppData\Roaming\UserTile.png
[2010.02.01 20:10:26 | 000,000,091 | ---- | C] () -- C:\Users\Ina\AppData\Local\fusioncache.dat
[2010.01.22 16:56:44 | 000,000,732 | ---- | C] () -- C:\Users\Ina\AppData\Local\d3d9caps64.dat
[2009.10.13 18:13:23 | 000,000,680 | ---- | C] () -- C:\Users\Ina\AppData\Local\d3d9caps.dat
[2009.07.27 18:26:01 | 000,134,144 | ---- | C] () -- C:\Users\Ina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.09 19:08:43 | 000,127,460 | ---- | C] () -- C:\Users\Ina\AppData\Roaming\NMM-MetaData.db

========== LOP Check ==========

[2008.10.31 21:05:47 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.10.31 21:05:47 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009.06.02 20:42:58 | 000,000,000 | -HSD | M] -- C:\Users\Ina\AppData\Roaming\.#
[2010.09.11 20:18:53 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Acer Arcade Live
[2008.10.31 21:05:47 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Acer GameZone Console
[2010.04.01 10:07:46 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\avidemux
[2012.07.02 19:03:29 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Azimcoz
[2011.09.28 20:01:35 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Canon
[2010.03.28 16:22:48 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\CDZilla
[2011.02.23 18:46:17 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.28 13:46:05 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\EPSON
[2009.06.02 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\eSobi
[2010.06.14 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Facebook
[2009.12.05 23:36:25 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\fltk.org
[2010.06.21 14:20:11 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\gtk-2.0
[2010.12.28 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\HamsterSoft
[2012.07.02 17:54:33 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Ided
[2012.04.16 09:29:21 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Lexware
[2010.12.28 18:24:43 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\MAGIX
[2010.01.22 16:59:49 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\MilkShape 3D 1.x.x
[2009.07.09 19:08:43 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Nokia
[2009.06.26 21:14:31 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Nokia Multimedia Player
[2009.11.23 20:03:03 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Notepad++
[2010.08.03 23:45:22 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\OpenOffice.org
[2010.08.08 19:08:04 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\PC Suite
[2010.02.16 18:56:23 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\PeerNetworking
[2010.09.11 20:18:48 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\PowerCinema
[2010.07.14 17:38:12 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Publish Providers
[2010.05.14 15:21:10 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Samsung
[2009.07.27 18:08:11 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Sims 3 Package Explorer
[2010.07.14 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Sony
[2010.08.03 21:26:01 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Template
[2012.07.20 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Webocton - Scriptly
[2012.07.27 17:23:24 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< : >
< >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.06.02 20:42:58 | 000,000,000 | -HSD | M] -- C:\Users\Ina\AppData\Roaming\.#
[2010.09.11 20:18:53 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Acer Arcade Live
[2008.10.31 21:05:47 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Acer GameZone Console
[2010.01.22 14:40:14 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Adobe
[2009.06.02 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\ATI
[2010.04.01 10:07:46 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\avidemux
[2012.07.02 19:03:29 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Azimcoz
[2011.09.28 20:01:35 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Canon
[2010.03.28 16:22:48 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\CDZilla
[2010.06.09 18:08:33 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\CyberLink
[2010.07.03 11:55:57 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\DivX
[2011.02.23 18:46:17 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.28 13:46:05 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\EPSON
[2009.06.02 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\eSobi
[2010.06.14 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Facebook
[2009.12.05 23:36:25 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\fltk.org
[2009.06.20 22:43:30 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Google
[2010.06.21 14:20:11 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\gtk-2.0
[2010.12.28 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\HamsterSoft [2012.07.02 17:54:33 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Ided [2009.06.02 18:51:04 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Identities [2012.07.23 21:24:50 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\InstallShield [2012.04.16 09:29:21 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Lexware [2009.06.02 18:52:07 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Macromedia [2010.12.28 18:24:43 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\MAGIX [2012.07.02 18:49:58 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Malwarebytes [2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Media Center Programs [2012.06.24 17:26:47 | 000,000,000 | --SD | M] -- C:\Users\Ina\AppData\Roaming\Microsoft [2010.05.03 20:12:49 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Microsoft Web Folders [2010.01.22 16:59:49 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\MilkShape 3D 1.x.x [2009.06.02 21:33:29 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Mozilla [2009.07.09 19:08:43 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Nokia [2009.06.26 21:14:31 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Nokia Multimedia Player [2009.11.23 20:03:03 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Notepad++ [2010.08.03 23:45:22 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\OpenOffice.org [2010.08.08 19:08:04 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\PC Suite [2010.02.16 18:56:23 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\PeerNetworking [2010.09.11 20:18:48 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\PowerCinema [2010.07.14 17:38:12 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Publish Providers [2010.05.14 15:21:10 | 000,000,000 | ---D | M] -- 
C:\Users\Ina\AppData\Roaming\Samsung [2009.07.27 18:08:11 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Sims 3 Package Explorer [2010.07.14 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Sony [2010.08.03 21:26:01 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Template [2011.10.04 17:33:09 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\vlc [2012.07.20 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\Webocton - Scriptly [2010.07.06 23:07:36 | 000,000,000 | ---D | M] -- C:\Users\Ina\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.06.14 18:35:27 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Ina\AppData\Roaming\Facebook\uninstall.exe [2010.12.12 11:40:01 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Ina\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.01.08 17:40:38 | 000,045,056 | R--- | M] () -- C:\Users\Ina\AppData\Roaming\Microsoft\Installer\{808266AF-BBAF-47B0-8F10-7D6E1B668B3D}\_66626A013E58_4E95_BA8E_704053676F64.exe [2010.01.08 18:05:00 | 000,061,440 | R--- | M] () -- C:\Users\Ina\AppData\Roaming\Microsoft\Installer\{BAE02E8D-9B2C-4C71-AB30-DADD141849D4}\_ECA67491467C_41F7_8351_3C94EF4B8225.exe [2009.06.20 22:37:12 | 000,010,134 | R--- | M] () -- C:\Users\Ina\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2010.05.14 15:34:53 | 089,280,248 | ---- | M] (Samsung Electronics Co., Ltd. 
) -- C:\Users\Ina\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: AHCIX86S.SYS > [2007.08.08 06:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ACER\Preload\Autorun\DRV\ATI VGA PCI-E\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys < MD5 for: ATAPI.SYS > [2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] 
(Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008.06.06 14:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys [2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) 
MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll [2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 
04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > 
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:260575F1 @Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:C22674B6 < End of report >
Thanks and best regards, Ina |
29.07.2012, 00:55 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Phishing Postbank, McAfee reports unsafe site C:\users\...\appdata\roamin\azimcoz\cucilei.exe Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
ATTFilter
:OTL
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\SearchScopes\{0E6E26B1-5512-486A-A135-2FB865F75464}: "URL" = http://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\SearchScopes\{5470BADD-D016-4359-9F90-945785E08734}: "URL" = http://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\SearchScopes\{BFF14EFD-1230-4C0E-8F83-1E83D9468FC6}: "URL" = http://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\SearchScopes\{E9262124-ADA0-4437-982D-B05FC0F59A18}: "URL" = http://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
IE - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\SearchScopes\{F9EB9A7C-EA78-48A3-8E75-D62275DB6F65}: "URL" = http://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
FF - prefs.js..browser.search.defaultenginename: "GMX Suche"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "WEB.DE Suche"
FF - prefs.js..browser.search.order.3: "1und1 Suche"
FF - prefs.js..browser.search.order.4: "amazon.de"
FF - user.js - File not found
[2010.09.14 22:04:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.11 19:58:42 | 000,000,000 | ---D | M] (Softonic Deutsch Community Toolbar) -- C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.08.04 00:05:27 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.11 19:58:43 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010.01.30 22:36:18 | 000,005,591 | ---- | M] () -- C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\1und1-suche.xml
[2010.01.30 22:36:16 | 000,001,371 | ---- | M] () -- C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\amazonde.xml
[2010.03.03 22:22:46 | 000,002,077 | ---- | M] () -- C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\com-artikelsuche.xml
[2010.01.30 22:36:17 | 000,010,605 | ---- | M] () -- C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\gmx-suche.xml
[2010.01.30 22:36:18 | 000,005,588 | ---- | M] () -- C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\webde-suche.xml
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-198065357-2291745013-3740999017-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-198065357-2291745013-3740999017-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01482a7e-0439-11e0-a73c-00251110ea22}\Shell - "" = AutoRun
O33 - MountPoints2\{01482a7e-0439-11e0-a73c-00251110ea22}\Shell\AutoRun\command - "" = H:\DPFMate.exe
O33 - MountPoints2\{ad30ce25-b6fc-11de-872f-00251110ea22}\Shell\AutoRun\command - "" = G:\USBSuite.exe
[2009.06.02 20:42:58 | 000,000,000 | -HSD | M] -- C:\Users\Ina\AppData\Roaming\.#
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:C22674B6

:Files
C:\Program Files (x86)\Softonic_Deutsch

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
29.07.2012, 08:24 | #18 |
| Phishing Postbank, McAfee reports unsafe site C:\users\...\appdata\roamin\azimcoz\cucilei.exe Hello Arne,
Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully. C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll moved successfully. Registry key HKEY_USERS\S-1-5-21-198065357-2291745013-3740999017-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0E6E26B1-5512-486A-A135-2FB865F75464}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E6E26B1-5512-486A-A135-2FB865F75464}\ not found. Registry key HKEY_USERS\S-1-5-21-198065357-2291745013-3740999017-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5470BADD-D016-4359-9F90-945785E08734}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5470BADD-D016-4359-9F90-945785E08734}\ not found. Registry key HKEY_USERS\S-1-5-21-198065357-2291745013-3740999017-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BFF14EFD-1230-4C0E-8F83-1E83D9468FC6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF14EFD-1230-4C0E-8F83-1E83D9468FC6}\ not found. Registry key HKEY_USERS\S-1-5-21-198065357-2291745013-3740999017-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E9262124-ADA0-4437-982D-B05FC0F59A18}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9262124-ADA0-4437-982D-B05FC0F59A18}\ not found. Registry key HKEY_USERS\S-1-5-21-198065357-2291745013-3740999017-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F9EB9A7C-EA78-48A3-8E75-D62275DB6F65}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9EB9A7C-EA78-48A3-8E75-D62275DB6F65}\ not found. 
Prefs.js: "GMX Suche" removed from browser.search.defaultenginename Prefs.js: "GMX Suche" removed from browser.search.order.1 Prefs.js: "WEB.DE Suche" removed from browser.search.order.2 Prefs.js: "1und1 Suche" removed from browser.search.order.3 Prefs.js: "amazon.de" removed from browser.search.order.4 C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\searchplugin folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\modules folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\META-INF folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\defaults folder moved successfully. 
C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\components folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\chrome folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}\skin folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}\resource folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}\defaults\preferences folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}\defaults folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}\chrome\content folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}\chrome folder moved successfully. C:\Users\Ina\AppData\Roaming\mozilla\Firefox\Profiles\iduohik7.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} folder moved successfully. C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\1und1-suche.xml moved successfully. 
C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\amazonde.xml moved successfully. C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\com-artikelsuche.xml moved successfully. C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\gmx-suche.xml moved successfully. C:\Users\Ina\AppData\Roaming\Mozilla\Firefox\Profiles\iduohik7.default\searchplugins\webde-suche.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml moved successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found. File C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found. File C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll not found. Registry value HKEY_USERS\S-1-5-21-198065357-2291745013-3740999017-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found. File C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll not found. Registry value HKEY_USERS\S-1-5-21-198065357-2291745013-3740999017-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01482a7e-0439-11e0-a73c-00251110ea22}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01482a7e-0439-11e0-a73c-00251110ea22}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01482a7e-0439-11e0-a73c-00251110ea22}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01482a7e-0439-11e0-a73c-00251110ea22}\ not found. File H:\DPFMate.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad30ce25-b6fc-11de-872f-00251110ea22}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad30ce25-b6fc-11de-872f-00251110ea22}\ not found. File G:\USBSuite.exe not found. C:\Users\Ina\AppData\Roaming\.# folder moved successfully. ADS C:\ProgramData\Temp:260575F1 deleted successfully. ADS C:\ProgramData\Temp:C22674B6 deleted successfully. ========== FILES ========== C:\Program Files (x86)\Softonic_Deutsch folder moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56545 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Ina ->Temp folder emptied: 616020272 bytes ->Temporary Internet Files folder emptied: 392625795 bytes ->Java cache emptied: 13378290 bytes ->FireFox cache emptied: 188683573 bytes ->Flash cache emptied: 123160 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 639651180 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes RecycleBin emptied: 25458443035 bytes Total Files Cleaned = 26.044,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Ina ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. HOSTS file reset successfully OTL by OldTimer - Version 3.2.55.0 log created on 07292012_090931 Files\Folders moved on Reboot... C:\Windows\temp\sqlite_d9ft1Us9Q9qU4i3 moved successfully. C:\Windows\temp\sqlite_KyTqQRrs8gBl57Y moved successfully. C:\Windows\temp\sqlite_t9JXY24Vtk84v25 moved successfully. File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. PendingFileRenameOperations files... File C:\Windows\temp\sqlite_d9ft1Us9Q9qU4i3 not found! File C:\Windows\temp\sqlite_KyTqQRrs8gBl57Y not found! File C:\Windows\temp\sqlite_t9JXY24Vtk84v25 not found! 
[2012.07.29 09:17:15 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F Registry entries deleted on Reboot...
Best regards, Ina |
29.07.2012, 16:56 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Postbank phishing, McAfee reports unsafe site C:\users\...\appdata\roamin\azimcoz\cucilei.exe
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Configure the tool as shown in the picture below: click change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
29.07.2012, 18:32 | #20 |
| Postbank phishing, McAfee reports unsafe site C:\users\...\appdata\roamin\azimcoz\cucilei.exe
Code:
ATTFilter 19:13:04.0903 0432 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 19:13:04.0950 0432 ============================================================ 19:13:04.0950 0432 Current date / time: 2012/07/29 19:13:04.0950 19:13:04.0950 0432 SystemInfo: 19:13:04.0950 0432 19:13:04.0950 0432 OS Version: 6.0.6002 ServicePack: 2.0 19:13:04.0950 0432 Product type: Workstation 19:13:04.0950 0432 ComputerName: PC-1 19:13:04.0950 0432 UserName: Ina 19:13:04.0950 0432 Windows directory: C:\Windows 19:13:04.0950 0432 System windows directory: C:\Windows 19:13:04.0950 0432 Running under WOW64 19:13:04.0950 0432 Processor architecture: Intel x64 19:13:04.0950 0432 Number of processors: 4 19:13:04.0950 0432 Page size: 0x1000 19:13:04.0950 0432 Boot type: Normal boot 19:13:04.0950 0432 ============================================================ 19:13:05.0355 0432 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:13:05.0355 0432 Drive \Device\Harddisk3\DR5 - Size: 0xFBD00000 (3.93 Gb), SectorSize: 0x200, Cylinders: 0x201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:13:05.0355 0432 ============================================================ 19:13:05.0355 0432 \Device\Harddisk0\DR0: 19:13:05.0355 0432 MBR partitions: 19:13:05.0355 0432 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x38CCC000 19:13:05.0355 0432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3B4CC804, BlocksNum 0x392391BD 19:13:05.0355 0432 \Device\Harddisk3\DR5: 19:13:05.0355 0432 MBR partitions: 19:13:05.0355 0432 \Device\Harddisk3\DR5\Partition0: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0x7DE7C0 19:13:05.0355 0432 ============================================================ 19:13:05.0387 0432 C: <-> \Device\Harddisk0\DR0\Partition0 19:13:05.0433 0432 D: <-> \Device\Harddisk0\DR0\Partition1 19:13:05.0433 0432 
============================================================ 19:13:05.0433 0432 Initialize success 19:13:05.0433 0432 ============================================================ 19:14:17.0225 3212 ============================================================ 19:14:17.0225 3212 Scan started 19:14:17.0225 3212 Mode: Manual; SigCheck; TDLFS; 19:14:17.0225 3212 ============================================================ 19:14:17.0552 3212 Acer HomeMedia Connect Service (f98879b41bf584b30f35941e21da904c) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe 19:14:17.0661 3212 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - warning 19:14:17.0661 3212 Acer HomeMedia Connect Service - detected UnsignedFile.Multi.Generic (1) 19:14:17.0771 3212 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys 19:14:17.0817 3212 ACPI - ok 19:14:17.0927 3212 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:14:17.0942 3212 AdobeFlashPlayerUpdateSvc - ok 19:14:18.0020 3212 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys 19:14:18.0067 3212 adp94xx - ok 19:14:18.0114 3212 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys 19:14:18.0145 3212 adpahci - ok 19:14:18.0161 3212 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys 19:14:18.0176 3212 adpu160m - ok 19:14:18.0192 3212 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys 19:14:18.0223 3212 adpu320 - ok 19:14:18.0254 3212 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll 19:14:18.0348 3212 AeLookupSvc - ok 19:14:18.0395 3212 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys 19:14:18.0473 3212 AFD - ok 19:14:18.0504 3212 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys 
19:14:18.0519 3212 agp440 - ok 19:14:18.0551 3212 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys 19:14:18.0566 3212 aic78xx - ok 19:14:18.0582 3212 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe 19:14:18.0738 3212 ALG - ok 19:14:18.0753 3212 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys 19:14:18.0769 3212 aliide - ok 19:14:18.0800 3212 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys 19:14:18.0816 3212 amdide - ok 19:14:18.0847 3212 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys 19:14:18.0894 3212 AmdK8 - ok 19:14:18.0956 3212 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll 19:14:18.0987 3212 Appinfo - ok 19:14:19.0003 3212 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys 19:14:19.0019 3212 arc - ok 19:14:19.0034 3212 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys 19:14:19.0050 3212 arcsas - ok 19:14:19.0112 3212 aspnet_state - ok 19:14:19.0128 3212 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys 19:14:19.0175 3212 AsyncMac - ok 19:14:19.0190 3212 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys 19:14:19.0206 3212 atapi - ok 19:14:19.0268 3212 Ati External Event Utility (81ac7567f476aa6d9ae7c84c4b3a5f81) C:\Windows\system32\Ati2evxx.exe 19:14:19.0362 3212 Ati External Event Utility - ok 19:14:19.0596 3212 atikmdag (8ea545f0f90e6388dcaca8f4f9404dc5) C:\Windows\system32\DRIVERS\atikmdag.sys 19:14:19.0830 3212 atikmdag - ok 19:14:19.0939 3212 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll 19:14:19.0986 3212 AudioEndpointBuilder - ok 19:14:19.0986 3212 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll 19:14:20.0017 3212 AudioSrv - ok 19:14:20.0079 3212 BFE (ffb96c2589ffa60473ead78b39fbde29) 
C:\Windows\System32\bfe.dll 19:14:20.0126 3212 BFE - ok 19:14:20.0189 3212 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll 19:14:20.0313 3212 BITS - ok 19:14:20.0376 3212 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys 19:14:20.0423 3212 blbdrive - ok 19:14:20.0438 3212 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys 19:14:20.0485 3212 bowser - ok 19:14:20.0501 3212 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys 19:14:20.0532 3212 BrFiltLo - ok 19:14:20.0547 3212 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys 19:14:20.0579 3212 BrFiltUp - ok 19:14:20.0610 3212 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll 19:14:20.0672 3212 Browser - ok 19:14:20.0688 3212 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys 19:14:20.0828 3212 Brserid - ok 19:14:20.0844 3212 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys 19:14:20.0906 3212 BrSerWdm - ok 19:14:20.0937 3212 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys 19:14:21.0000 3212 BrUsbMdm - ok 19:14:21.0000 3212 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys 19:14:21.0078 3212 BrUsbSer - ok 19:14:21.0093 3212 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys 19:14:21.0156 3212 BTHMODEM - ok 19:14:21.0187 3212 BUNAgentSvc (09e6affae6c0e9158bf05c7d08d0107a) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe 19:14:21.0203 3212 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning 19:14:21.0203 3212 BUNAgentSvc - detected UnsignedFile.Multi.Generic (1) 19:14:21.0234 3212 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys 19:14:21.0265 3212 cdfs - ok 19:14:21.0296 3212 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) 
C:\Windows\system32\DRIVERS\cdrom.sys 19:14:21.0343 3212 cdrom - ok 19:14:21.0359 3212 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll 19:14:21.0390 3212 CertPropSvc - ok 19:14:21.0405 3212 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys 19:14:21.0452 3212 circlass - ok 19:14:21.0483 3212 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys 19:14:21.0515 3212 CLFS - ok 19:14:21.0561 3212 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:14:21.0577 3212 clr_optimization_v2.0.50727_32 - ok 19:14:21.0608 3212 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:14:21.0624 3212 clr_optimization_v2.0.50727_64 - ok 19:14:21.0671 3212 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:14:21.0686 3212 clr_optimization_v4.0.30319_32 - ok 19:14:21.0717 3212 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:14:21.0717 3212 clr_optimization_v4.0.30319_64 - ok 19:14:21.0733 3212 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys 19:14:21.0749 3212 cmdide - ok 19:14:21.0764 3212 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys 19:14:21.0780 3212 Compbatt - ok 19:14:21.0780 3212 COMSysApp - ok 19:14:21.0795 3212 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys 19:14:21.0811 3212 crcdisk - ok 19:14:21.0842 3212 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll 19:14:21.0889 3212 CryptSvc - ok 19:14:21.0936 3212 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll 19:14:21.0983 3212 DcomLaunch - ok 19:14:22.0014 3212 DfsC 
(8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys 19:14:22.0045 3212 DfsC - ok 19:14:22.0217 3212 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe 19:14:22.0373 3212 DFSR - ok 19:14:22.0497 3212 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll 19:14:22.0544 3212 Dhcp - ok 19:14:22.0575 3212 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys 19:14:22.0591 3212 disk - ok 19:14:22.0607 3212 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll 19:14:22.0638 3212 Dnscache - ok 19:14:22.0669 3212 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll 19:14:22.0716 3212 dot3svc - ok 19:14:22.0778 3212 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll 19:14:22.0825 3212 DPS - ok 19:14:22.0841 3212 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys 19:14:22.0919 3212 drmkaud - ok 19:14:22.0981 3212 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys 19:14:23.0028 3212 DXGKrnl - ok 19:14:23.0059 3212 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys 19:14:23.0106 3212 E1G60 - ok 19:14:23.0137 3212 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll 19:14:23.0184 3212 EapHost - ok 19:14:23.0215 3212 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys 19:14:23.0231 3212 Ecache - ok 19:14:23.0277 3212 eDataSecurity Service (b1f2503e23425b386df0f3413b2596f3) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 19:14:23.0309 3212 eDataSecurity Service - ok 19:14:23.0340 3212 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe 19:14:23.0387 3212 ehRecvr - ok 19:14:23.0402 3212 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe 19:14:23.0449 3212 ehSched - ok 19:14:23.0465 3212 ehstart 
(f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll 19:14:23.0496 3212 ehstart - ok 19:14:23.0543 3212 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys 19:14:23.0574 3212 elxstor - ok 19:14:23.0636 3212 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll 19:14:23.0683 3212 EMDMgmt - ok 19:14:23.0699 3212 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys 19:14:23.0745 3212 ErrDev - ok 19:14:23.0823 3212 ETService (c0fe39b8f686b7c70a666e716cc12b49) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 19:14:23.0839 3212 ETService ( UnsignedFile.Multi.Generic ) - warning 19:14:23.0839 3212 ETService - detected UnsignedFile.Multi.Generic (1) 19:14:23.0886 3212 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll 19:14:23.0948 3212 EventSystem - ok 19:14:23.0964 3212 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys 19:14:24.0011 3212 exfat - ok 19:14:24.0073 3212 Fabs - ok 19:14:24.0104 3212 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys 19:14:24.0167 3212 fastfat - ok 19:14:24.0198 3212 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys 19:14:24.0229 3212 fdc - ok 19:14:24.0260 3212 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll 19:14:24.0291 3212 fdPHost - ok 19:14:24.0307 3212 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll 19:14:24.0369 3212 FDResPub - ok 19:14:24.0385 3212 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys 19:14:24.0401 3212 FileInfo - ok 19:14:24.0416 3212 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys 19:14:24.0447 3212 Filetrace - ok 19:14:24.0603 3212 FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe 
19:14:24.0744 3212 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 19:14:24.0744 3212 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 19:14:24.0837 3212 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 19:14:24.0869 3212 flpydisk - ok 19:14:24.0884 3212 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys 19:14:24.0915 3212 FltMgr - ok 19:14:25.0009 3212 FontCache (de67b1afab1ddb6ca0bba89a776f26fa) C:\Windows\system32\FntCache.dll 19:14:25.0056 3212 FontCache - ok 19:14:25.0134 3212 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:14:25.0134 3212 FontCache3.0.0.0 - ok 19:14:25.0181 3212 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys 19:14:25.0212 3212 Fs_Rec - ok 19:14:25.0227 3212 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys 19:14:25.0243 3212 gagp30kx - ok 19:14:25.0290 3212 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll 19:14:25.0352 3212 gpsvc - ok 19:14:25.0430 3212 gupdate1c9e48087aef821 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:14:25.0446 3212 gupdate1c9e48087aef821 - ok 19:14:25.0461 3212 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:14:25.0477 3212 gupdatem - ok 19:14:25.0493 3212 gusvc (a452e9aae84ff0ad57d6bb6c18d338c7) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 19:14:25.0493 3212 gusvc - ok 19:14:25.0539 3212 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys 19:14:25.0571 3212 HdAudAddService - ok 19:14:25.0633 3212 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys 19:14:25.0680 3212 HDAudBus - ok 19:14:25.0695 3212 HidBth (b4881c84a180e75b8c25dc1d726c375f) 
C:\Windows\system32\drivers\hidbth.sys 19:14:25.0773 3212 HidBth - ok 19:14:25.0773 3212 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys 19:14:25.0836 3212 HidIr - ok 19:14:25.0883 3212 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll 19:14:25.0914 3212 hidserv - ok 19:14:25.0945 3212 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys 19:14:25.0992 3212 HidUsb - ok 19:14:26.0007 3212 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll 19:14:26.0039 3212 hkmsvc - ok 19:14:26.0070 3212 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys 19:14:26.0085 3212 HpCISSs - ok 19:14:26.0117 3212 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys 19:14:26.0195 3212 HTTP - ok 19:14:26.0210 3212 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys 19:14:26.0226 3212 i2omp - ok 19:14:26.0241 3212 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys 19:14:26.0288 3212 i8042prt - ok 19:14:26.0319 3212 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys 19:14:26.0351 3212 iaStorV - ok 19:14:26.0444 3212 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:14:26.0507 3212 idsvc - ok 19:14:26.0553 3212 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys 19:14:26.0569 3212 iirsp - ok 19:14:26.0600 3212 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll 19:14:26.0678 3212 IKEEXT - ok 19:14:26.0756 3212 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys 19:14:26.0756 3212 int15 - ok 19:14:26.0865 3212 IntcAzAudAddService (023eb98945069178c21b324b880ad787) C:\Windows\system32\drivers\RTKVHD64.sys 19:14:26.0959 3212 IntcAzAudAddService - ok 19:14:27.0068 3212 intelide 
(df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys 19:14:27.0068 3212 intelide - ok 19:14:27.0084 3212 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys 19:14:27.0115 3212 intelppm - ok 19:14:27.0146 3212 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll 19:14:27.0193 3212 IPBusEnum - ok 19:14:27.0209 3212 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:14:27.0240 3212 IpFilterDriver - ok 19:14:27.0271 3212 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll 19:14:27.0333 3212 iphlpsvc - ok 19:14:27.0333 3212 IpInIp - ok 19:14:27.0365 3212 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys 19:14:27.0411 3212 IPMIDRV - ok 19:14:27.0427 3212 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys 19:14:27.0474 3212 IPNAT - ok 19:14:27.0489 3212 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys 19:14:27.0536 3212 IRENUM - ok 19:14:27.0567 3212 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys 19:14:27.0567 3212 isapnp - ok 19:14:27.0599 3212 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys 19:14:27.0614 3212 iScsiPrt - ok 19:14:27.0630 3212 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 19:14:27.0645 3212 iteatapi - ok 19:14:27.0661 3212 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 19:14:27.0677 3212 iteraid - ok 19:14:27.0692 3212 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 19:14:27.0692 3212 kbdclass - ok 19:14:27.0708 3212 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys 19:14:27.0755 3212 kbdhid - ok 19:14:27.0770 3212 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 19:14:27.0801 3212 
KeyIso - ok 19:14:27.0848 3212 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys 19:14:27.0879 3212 KSecDD - ok 19:14:27.0911 3212 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys 19:14:27.0957 3212 ksthunk - ok 19:14:28.0004 3212 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll 19:14:28.0098 3212 KtmRm - ok 19:14:28.0129 3212 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll 19:14:28.0176 3212 LanmanServer - ok 19:14:28.0207 3212 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll 19:14:28.0254 3212 LanmanWorkstation - ok 19:14:28.0316 3212 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 19:14:28.0316 3212 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 19:14:28.0316 3212 LightScribeService - detected UnsignedFile.Multi.Generic (1) 19:14:28.0332 3212 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 19:14:28.0363 3212 lltdio - ok 19:14:28.0394 3212 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll 19:14:28.0472 3212 lltdsvc - ok 19:14:28.0488 3212 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll 19:14:28.0535 3212 lmhosts - ok 19:14:28.0550 3212 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys 19:14:28.0566 3212 LSI_FC - ok 19:14:28.0597 3212 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys 19:14:28.0613 3212 LSI_SAS - ok 19:14:28.0628 3212 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys 19:14:28.0644 3212 LSI_SCSI - ok 19:14:28.0659 3212 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 19:14:28.0706 3212 luafv - ok 19:14:28.0722 3212 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys 
19:14:28.0737 3212 MBAMProtector - ok 19:14:28.0800 3212 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 19:14:28.0815 3212 MBAMService - ok 19:14:28.0862 3212 McAfee SiteAdvisor Service (4571b4e5d316ca688cedd3ab0f2563f1) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe 19:14:28.0878 3212 McAfee SiteAdvisor Service - ok 19:14:28.0909 3212 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll 19:14:28.0925 3212 Mcx2Svc - ok 19:14:28.0956 3212 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys 19:14:28.0956 3212 megasas - ok 19:14:29.0003 3212 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys 19:14:29.0034 3212 MegaSR - ok 19:14:29.0049 3212 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll 19:14:29.0081 3212 MMCSS - ok 19:14:29.0096 3212 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 19:14:29.0159 3212 Modem - ok 19:14:29.0174 3212 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 19:14:29.0221 3212 monitor - ok 19:14:29.0237 3212 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 19:14:29.0237 3212 mouclass - ok 19:14:29.0268 3212 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 19:14:29.0315 3212 mouhid - ok 19:14:29.0315 3212 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys 19:14:29.0330 3212 MountMgr - ok 19:14:29.0377 3212 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:14:29.0393 3212 MozillaMaintenance - ok 19:14:29.0424 3212 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys 19:14:29.0439 3212 mpio - ok 19:14:29.0455 3212 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys 19:14:29.0502 
3212 mpsdrv - ok 19:14:29.0533 3212 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll 19:14:29.0580 3212 MpsSvc - ok 19:14:29.0611 3212 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys 19:14:29.0627 3212 Mraid35x - ok 19:14:29.0658 3212 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys 19:14:29.0689 3212 MRxDAV - ok 19:14:29.0720 3212 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:14:29.0736 3212 mrxsmb - ok 19:14:29.0767 3212 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:14:29.0798 3212 mrxsmb10 - ok 19:14:29.0814 3212 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:14:29.0845 3212 mrxsmb20 - ok 19:14:29.0861 3212 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys 19:14:29.0876 3212 msahci - ok 19:14:29.0892 3212 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys 19:14:29.0907 3212 msdsm - ok 19:14:29.0923 3212 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe 19:14:29.0970 3212 MSDTC - ok 19:14:30.0001 3212 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys 19:14:30.0032 3212 Msfs - ok 19:14:30.0048 3212 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys 19:14:30.0063 3212 msisadrv - ok 19:14:30.0079 3212 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll 19:14:30.0126 3212 MSiSCSI - ok 19:14:30.0141 3212 msiserver - ok 19:14:30.0157 3212 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys 19:14:30.0204 3212 MSKSSRV - ok 19:14:30.0219 3212 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys 19:14:30.0282 3212 MSPCLOCK - ok 19:14:30.0297 3212 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys 19:14:30.0344 
19:14:52.0964 3212 ============================================================
19:14:52.0964 3212 Scan finished
19:14:52.0964 3212 ============================================================
19:14:52.0980 2704 Detected object count: 9
19:14:52.0980 2704 Actual detected object count: 9
19:15:50.0123 2704 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:15:50.0123 2704 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:15:50.0123 2704 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:15:50.0123 2704 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:15:50.0123 2704 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
19:15:50.0123 2704 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:15:50.0123 2704 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:15:50.0123 2704 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:15:50.0123 2704 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:15:50.0123 2704 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:15:50.0123 2704 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:15:50.0123 2704 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:15:50.0138 2704 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:15:50.0138 2704 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:15:50.0138 2704 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
19:15:50.0138 2704 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:15:50.0138 2704 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:15:50.0138 2704 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip |
29.07.2012, 20:02 | #21 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote: |
31.07.2012, 20:03 | #22 |
| Hello Arne, Code:
Combofix Logfile: Ina |
01.08.2012, 19:08 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: please use WinRAR or 7zip to unpack OSAM! Be sure to switch off the virus scanner as well; the McAfee scanner in particular often reports a false alarm on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV scan. One more note: if aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |
02.08.2012, 16:53 | #24 |
| Hello Arne, the scan with GMER worked, but I could only tick Service, Registry, Files. After the scan a message appeared saying that nothing was found. I have just run OSAM Autorun Manager and clicked "Save Log", but I cannot find the log file. Regards, Ina |
03.08.2012, 15:32 | #25 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Who is sitting right in front of your computer, me or you? |
03.08.2012, 19:17 | #26 |
| Give me a tip then, I no longer know where to look ... |
03.08.2012, 20:56 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Since I don't know what was saved where, I would guess the DESKTOP, or the location where gmer.exe is as well. Otherwise just run it once more and pay attention |
05.08.2012, 15:45 | #28 |
| Hello Arne, I cannot find the OSAM log file (I will repeat the scan); for now here is the aswMBR text file: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-05 15:48:24
-----------------------------
15:48:24.731 OS Version: Windows x64 6.0.6002 Service Pack 2
15:48:24.731 Number of processors: 4 586 0x170A
15:48:24.731 ComputerName: PC-1 UserName: Ina
15:48:26.182 Initialize success
15:52:52.872 AVAST engine defs: 12080500
15:53:44.102 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
15:53:44.102 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
15:53:44.118 Disk 0 MBR read successfully
15:53:44.118 Disk 0 MBR scan
15:53:44.133 Disk 0 unknown MBR code
15:53:44.149 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
15:53:44.164 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 465304 MB offset 41945088
15:53:44.196 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 468082 MB offset 994887684
15:53:44.242 Disk 0 scanning C:\Windows\system32\drivers
15:53:54.086 Service scanning
15:54:13.118 Modules scanning
15:54:13.118 Disk 0 trace - called modules:
15:54:13.149 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
15:54:13.664 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e44110]
15:54:13.664 3 CLASSPNP.SYS[fffffa6001001c33] -> nt!IofCallDriver -> [0xfffffa8003c5ae40]
15:54:13.664 5 acpi.sys[fffffa60008bffde] -> nt!IofCallDriver -> \Device\00000055[0xfffffa80040fc060]
15:54:15.162 AVAST engine scan C:\Windows
15:54:19.904 AVAST engine scan C:\Windows\system32
15:57:54.373 AVAST engine scan C:\Windows\system32\drivers
15:58:16.650 AVAST engine scan C:\Users\Ina
16:22:54.750 AVAST engine scan C:\ProgramData
16:34:00.589 Scan finished successfully
16:35:55.857 Disk 0 MBR has been saved successfully to "C:\Users\Ina\Desktop\MBR.dat"
16:35:55.873 The log file has been saved successfully to "C:\Users\Ina\Desktop\aswMBR.txt"
Ina |
05.08.2012, 16:43 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I still need the OSAM log. It can't be that hard to remember the path where you saved it. And besides, Windows also has a search function! |
05.08.2012, 16:51 | #30 |
| Of course I used the search function, nothing! When I click the "save log" button nothing happens, there is no way to enter a path; I think the log is not being saved at all. I scanned again, the same thing again. Regards, Ina |